cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1191
Views
9
Helpful
10
Replies
jithu p
Beginner

Need ACS 4.2 configuration help

Hi team,

We are using ACS 4.2 for the network device authentication.Now we need to create one user who can only able to shut and no shut the router interface.May i know how can i assign only three commands (conf t, Interface ,shut) to one user

1 ACCEPTED SOLUTION

Accepted Solutions

Hi Jithu,

Please have a look on the link below:

http://www.netcraftsmen.net/resources/archived-articles/365-more-aaa-simple-authentication-authorization-and-accounting.html

It shows step by step configuration of what you looking for.

Regards,
Gurpreet S Puri

****************************
Keep Smiling, Peace
****************************

(Please Rate Helpful Post)

Regards, Gurpreet S Puri **************************** Keep Smiling, Peace :) **************************** (Please Rate Helpful Post)

View solution in original post

10 REPLIES 10
mauzamor
Beginner

Hi there,

This can be done using the Shell Command Authorization option, then you can apply this Shell into the User configuration, take a look below:

I forget to add the screenshots, here they are:

Then you apply this in the User configuration:

Hi Mauricio,

Thanks for your answer.Please help me to fill all another informations also while creating the user and the user group.Please share the screen shot for the same.Please help me because i dont have any experience in the ACS.First time i am logging to this...

Hi Jithu,

Please have a look on the link below:

http://www.netcraftsmen.net/resources/archived-articles/365-more-aaa-simple-authentication-authorization-and-accounting.html

It shows step by step configuration of what you looking for.

Regards,
Gurpreet S Puri

****************************
Keep Smiling, Peace
****************************

(Please Rate Helpful Post)

Regards, Gurpreet S Puri **************************** Keep Smiling, Peace :) **************************** (Please Rate Helpful Post)

View solution in original post

Hi,

I would like to add a new user group on ACS 4.2 and allow access to certain devices on the network, not to everything that is being authenticated by the ACS box. Please help me find a way to do such configuration.

My apologies for asking a new question here.

Thanks in Advance

Nivi

Hi,

I would like to add a new user group on ACS 4.2 and allow access to certain devices on the network, not to everything that is being authenticated by the ACS box. Please help me find a way to do such configuration.

My apologies for asking a new question here.

Thanks in Advance

Nivi

Hi Nivi,

You need to create a network device group (NDG), add the devices you want users to authenticate to and assign user to that group. You can create multiple groups depending on their authentication requirements.

I hope this helps.

Hi Eudechime,

That definitely helps! Thank you for your insights. Can you please provide more detail. I need to create user groups, not based on the IP addresses of the machines, they use to access.

Thanks

Nivi

you can create up to 500 users..Group 0 - 499.

click

pull down arrow to select the group you want 0 -499 (0  - is the default)

click to give it name of your choice

Click submit

Click Network Configuration. Click to create NDG.

click the NDG and add devices.

To get this to work, you must assign the user and device you want user  to access to this group. Add a user, ensure you selected the group to  which user is assigned and click use group settings, etc.

This may not be clear if you are pretty new to ACS, but I'm sure it will help direct you to the right path

Thank you a ton!

I will try that out and let you know how it goes.

Create
Recognize Your Peers
Polls
Which of these topics should we host an event in the Community?

Top Choice: ISE- Guest and Posture Troubleshooting (40%)

Content for Community-Ad

ISE Webinars



Did you miss a previous ISE webinar?

CiscoISE YouTube Channel