Solved: Need ACS 4.2 configuration help

jithu p · ‎12-05-2012

Hi team,

We are using ACS 4.2 for the network device authentication.Now we need to create one user who can only able to shut and no shut the router interface.May i know how can i assign only three commands (conf t, Interface ,shut) to one user

Gurpreet Puri · ‎12-06-2012

Hi Jithu,

Please have a look on the link below:

http://www.netcraftsmen.net/resources/archived-articles/365-more-aaa-simple-authentication-authorization-and-accounting.html

It shows step by step configuration of what you looking for.

Regards,
Gurpreet S Puri

****************************
Keep Smiling, Peace
****************************

(Please Rate Helpful Post)

Regards, Gurpreet S Puri **************************** Keep Smiling, Peace :) **************************** (Please Rate Helpful Post)

View solution in original post

mauzamor · ‎12-05-2012

Hi there,

This can be done using the Shell Command Authorization option, then you can apply this Shell into the User configuration, take a look below:

mauzamor · ‎12-05-2012

I forget to add the screenshots, here they are:

Then you apply this in the User configuration:

jithu p · ‎12-06-2012

Hi Mauricio,

Thanks for your answer.Please help me to fill all another informations also while creating the user and the user group.Please share the screen shot for the same.Please help me because i dont have any experience in the ACS.First time i am logging to this...

Gurpreet Puri · ‎12-06-2012

Hi Jithu,

Please have a look on the link below:

http://www.netcraftsmen.net/resources/archived-articles/365-more-aaa-simple-authentication-authorization-and-accounting.html

It shows step by step configuration of what you looking for.

Regards,
Gurpreet S Puri

****************************
Keep Smiling, Peace
****************************

(Please Rate Helpful Post)

Regards, Gurpreet S Puri **************************** Keep Smiling, Peace :) **************************** (Please Rate Helpful Post)

nivedita.chamarthy · ‎02-05-2013

Hi,

I would like to add a new user group on ACS 4.2 and allow access to certain devices on the network, not to everything that is being authenticated by the ACS box. Please help me find a way to do such configuration.

My apologies for asking a new question here.

Thanks in Advance

Nivi

nivedita.chamarthy · ‎02-05-2013

Hi,

I would like to add a new user group on ACS 4.2 and allow access to certain devices on the network, not to everything that is being authenticated by the ACS box. Please help me find a way to do such configuration.

My apologies for asking a new question here.

Thanks in Advance

Nivi

eudechime · ‎02-05-2013

Hi Nivi,

You need to create a network device group (NDG), add the devices you want users to authenticate to and assign user to that group. You can create multiple groups depending on their authentication requirements.

I hope this helps.

nivedita.chamarthy · ‎02-05-2013

Hi Eudechime,

That definitely helps! Thank you for your insights. Can you please provide more detail. I need to create user groups, not based on the IP addresses of the machines, they use to access.

Thanks

Nivi

eudechime · ‎02-05-2013

you can create up to 500 users..Group 0 - 499.

click

pull down arrow to select the group you want 0 -499 (0 - is the default)

click to give it name of your choice

Click submit

Click Network Configuration. Click to create NDG.

click the NDG and add devices.

To get this to work, you must assign the user and device you want user to access to this group. Add a user, ensure you selected the group to which user is assigned and click use group settings, etc.

This may not be clear if you are pretty new to ACS, but I'm sure it will help direct you to the right path

nivedita.chamarthy · ‎02-05-2013

Thank you a ton!

I will try that out and let you know how it goes.