12-13-2015 06:34 AM - edited 03-10-2019 11:19 PM
Dear Friends,
I'm struggling with an issue.
I've set up an SSL VPN (AnyConnect) on a Cisco 2811 router. Because of certain limitations I can't set up a RADIUS or TACACS server.
My VTY line authentication is aaa login local.
I have some questions:
1- Can I set up accounts on the local database that can't log in to the router (just be able to use the VPN)?
2- Can I create an aaa authentication list that contains just some of the local usernames, not all of them, so I can limit the logins?
3- Can I assign an access-list to a specific username? (username **** access-class) didn't work for me when the user connects with the AnyConnect client! (The WebVPN ACL applies.)
Please help me, I'm struggling!!!
12-15-2015 12:11 AM
Hello,
1. As far as I know you can only specify privilege level 0 for a VPN user, so the user can then connect to the router but will have only the "enable" command, and without the enable password he can do nothing.
I don't know the answer to questions 2 and 3. But I think that you can have only one local database with usernames, and also you cannot assign an access list to a username.
12-20-2015 12:36 PM
Thanks for the help,
I finally did it: using aaa attribute lists I set policies for user groups, and my problem is solved!
05-30-2016 03:04 PM
Can you give a code snippet? How have you configured the aaa attribute list and the policies for user groups?
Thanks
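A constructed IOS configuration along the lines the thread describes: VPN-only local users bound to a WebVPN policy group through an aaa attribute list, a separate login method list for the VTY lines, and a per-group tunnel ACL. This is an added example, not the poster's actual config; the method-list, policy-group, pool, ACL and user names and the addresses are assumptions, and the existing webvpn gateway and trustpoint are assumed to be configured already.

```cisco
! Constructed example, not the poster's configuration. All names and addresses are placeholders.
aaa new-model
!
! Separate method lists so VTY login and VPN login are managed independently
aaa authentication login VTY_AUTH local
aaa authentication login VPN_AUTH local
! Local network authorization is what lets the per-user attribute list be applied
aaa authorization network default local
!
! Attribute list that binds a local user to the WebVPN policy group "SALES"
aaa attribute list VPN_USERS
 attribute type user-vpn-group "SALES"
!
! VPN-only user: privilege 0 leaves no usable CLI, and "autocommand exit"
! ends any VTY session right after login, so the account works only for the VPN
username vpnuser1 privilege 0 secret PASSWORD-PLACEHOLDER
username vpnuser1 autocommand exit
username vpnuser1 aaa attribute list VPN_USERS
!
! Administrator account that is allowed to manage the router
username admin1 privilege 15 secret PASSWORD-PLACEHOLDER
!
! Tunnel ACL for the SALES group: VPN pool may reach one server subnet only
ip access-list extended SALES_ACL
 permit ip 10.10.10.0 0.0.0.255 192.168.50.0 0.0.0.255
 deny ip any any
!
ip local pool VPN_POOL 10.10.10.10 10.10.10.100
!
webvpn context SSLVPN
 aaa authentication list VPN_AUTH
 policy group SALES
  functions svc-enabled
  svc address-pool "VPN_POOL"
  filter tunnel SALES_ACL
 default-group-policy SALES
 inservice
!
line vty 0 4
 login authentication VTY_AUTH
 transport input ssh
```

Check the result with "show webvpn session context SSLVPN" after a client connects and by confirming that an SSH attempt with the VPN-only account is disconnected immediately.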