Cisco Community
English
Register
We're here for you! LEARN about free offerings and business continuity best practices during the COVID-19 pandemic
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

2372
Views
15
Helpful
9
Replies
Highlighted
paul.rami
Beginner
Beginner
‎03-09-2013 01:24 PM
‎03-09-2013 01:24 PM

alcatel 7750 SR integration with cisco ACS for ftp and snmp access ?

Hi all,

i am using cisco ACS5.3 to gurant aaa services in my network witch comprise alcatel routers 7750 SR and SAM.

Actually, the 7750SR is integrated the the ACS and the authentcation order is tacacs local, witch means that if the user is not in acs move to the local database-->this implicat a security threat in my network.

i 'd like the change this behavorlike this: if the user is not in acs database and acs is rechable--> deny access.

we know how to do that in he router.But we have 2 user defined in the local databse of the 7750 SR (1 used for ftp access, and the 1 other used for snmpv3 user to communicate with sam server). we would so configure these two users in ACS servers.

can u help me please solve this problem.

thanks in advance.

BRs,

Labels:
Everyone's tags (6)
0 Helpful
Reply
9 REPLIES 9
Highlighted
Amjad Abdullah
Engager
Engager
‎03-10-2013 03:52 AM
‎03-10-2013 03:52 AM

alcatel 7750 SR integration with cisco ACS for ftp and snmp acce

Paul:
Not sure if I understood you exactly.

On your Alcatel router you can configure it to only use TACACS+ (not local). Is that right?

Now, you need to configure usrers on the ACS side, correct?
Because it is only to configure a normal users in the database in ACS, ( I don't think you don't know how to do that) then I am not able to find where your poblem is?

can you please elaborate more?

Thanks.

Amjad

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"
0 Helpful
Reply
Highlighted
paul.rami
Beginner
Beginner
‎03-10-2013 11:18 AM
‎03-10-2013 11:18 AM

alcatel 7750 SR integration with cisco ACS for ftp and snmp acce

Hi Amjad,

Thanks first for u reponse.

The problem is when i configure for exemple the user used for ftp in acs, the user is correctly authenticated to the router(information taken from acs logs) but i can access the ftp folder of the router ( cf3\:)

did u have any idea ?

Many thanks.

Regards,

0 Helpful
Reply
Highlighted
Amjad Abdullah
Engager
Engager
‎03-11-2013 12:05 AM
‎03-11-2013 12:05 AM

alcatel 7750 SR integration with cisco ACS for ftp and snmp acce

Hi Paul,

You said the users CAN acess the ftp folder in the router. I think you mean the user CAN NOT access the ftp folder. is that correct?

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"
0 Helpful
Reply
Highlighted
paul.rami
Beginner
Beginner
‎03-11-2013 01:48 AM
‎03-11-2013 01:48 AM

alcatel 7750 SR integration with cisco ACS for ftp and snmp acce

Sure Amjad,

when i try to login to the ftp server of the alcatel 7750 SR with the user i have defined in the acs using filezilla client for example i get login failed response .

BRs,

0 Helpful
Reply
Highlighted
Amjad Abdullah
Engager
Engager
‎03-11-2013 02:08 AM
‎03-11-2013 02:08 AM

alcatel 7750 SR integration with cisco ACS for ftp and snmp acce

Ok. Now I got you.

So, what the logs on the ACS server say about this failed attempt? what is the failure reason? That should point is where the problem could be.

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"
0 Helpful
Reply
Highlighted
paul.rami
Beginner
Beginner
‎03-11-2013 03:42 AM
‎03-11-2013 03:42 AM

alcatel 7750 SR integration with cisco ACS for ftp and snmp acce

Hi Amjed,

in ACS log, i see a successful  authentication.

BRs,

0 Helpful
Reply
Highlighted
maldehne
Cisco Employee
Cisco Employee
‎03-11-2013 04:00 AM
‎03-11-2013 04:00 AM

alcatel 7750 SR integration with cisco ACS for ftp and snmp acce

what can you see in authorization logs if you are using Tacacs+?

Most of the time failure to login to AAA clients result from authoirzation failure

due to the lack of adding attributes needed to force differentiated level of access

that can be understood by that particular AAA client.

I would recommend you to check the documentation for your third party AAA client

and verify what attributes neede to auhorize users trying to acces it as well as make sure

that they have been added correctly on ACS.

-------------------------------------------------------------------------------------------------------

Please make sure to rate correct answers

Reply
Highlighted
paul.rami
Beginner
Beginner
‎03-11-2013 09:01 AM
‎03-11-2013 09:01 AM

alcatel 7750 SR integration with cisco ACS for ftp and snmp acce

Hi Amjad, maldehne,

i have checked with alcatel support and the solution is adding the following configuration:

configure system security
    user-template "tacplus_default"
         access console ftp

So users wauthenticated via tacacs will have access to console and ftp.

Many thanks.

BRs,

Reply
Highlighted
Amjad Abdullah
Engager
Engager
‎03-17-2013 04:41 AM
‎03-17-2013 04:41 AM

alcatel 7750 SR integration with cisco ACS for ftp and snmp acce

Glad to hear your problem is resolved Paul.

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"
0 Helpful
Reply
Latest Contents
How to: Cisco Identity Services Engine Integration with IBM ...
Created by pavagupt on 05-29-2020 12:45 AM
0
5
0
5
Introduction Cisco Identity Services Engine (ISE) gives you intelligent Integrated protection through intent-based policy and compliance solution. ISE supports external MDM vendor integration to help the customers to look for compliance of a devices bein... view more
AMP4E - Cisco Threat Response and ESA Integration
Created by bremarqu on 05-27-2020 09:16 AM
0
0
0
0
Hello, This video provides the steps to configure the Cisco Threat Response (CTR) and ESA Integration.   This is live on the portal:https://video.cisco.com/video/6159336218001   And on YouTube:https://www.youtube.com/watch?v=UCKIdx5rdFg   ... view more
Migrate from C170 to C190
Created by fhk_license on 05-26-2020 02:24 AM
3
0
3
0
I need to migrate from C170 to C190 and have already match to the same Firmware Version. I have a question. Is there any method that can export and import the configuration file instead of form cluster ?
DGTL-BRKSEC-1011 - A Challenger Appears: Defending Mailboxes...
Created by chclasen on 05-20-2020 09:43 AM
0
0
0
0
This AMA will serve as the Q&A for the Cisco Live Digital breakout DGTL-BRKSEC-1011 - "A Challenger Appears: Defending Mailboxes in the Cloud" which covers a brand new product which will be announced during the event: Cloud Mailbox Defense. Join Techn... view more
ASA Image won't stay
Created by Senbonzakura on 05-19-2020 12:19 PM
3
0
3
0
I've fixed this before but now I'm running into a different type of an issue. My firewall isn't booting to the image so I have to keep reloading the image onto the ASA. Any help would be appreciated. Also my Config-Register is set to 0x1. As of right now,... view more
CreatePlease to create content
Discussion
Blog
Document
Video
Content for Community-Ad
Cisco Community April 2020 Spotlight Award Winners

Follow our Social Media Channels