
Network devices access restriction configuration with user level in ACS 5.0

vinodjad1234
Level 2

Hi Experts,

I have the task of configuring TACACS with different user levels for all routers and switches.

To elaborate, I have engineers, analysts and site engineers, so I want to configure centralized TACACS authentication with different privilege levels for different categories of network engineer, analyst and site engineer.

Can anybody explain how to proceed with ACS 5.2 and what configuration is required at device level?

I am particularly looking for ACS 5.2 configuration steps.

Looking forward to a reply.


Nicolas Darchis
Cisco Employee

Assigning different privileges level to different user types is easy.

Do these privileges also vary depending on the type of device accessed? Can you be more specific?

What you ask seems to be just what is indicated in the ACS 5.2 user guide, so I'm not sure if there is anything tricky in your question that I missed.

Hi Nicolas,

Thanks for your reply.

We have all distribution switches (L3 switches) and later all routers (CE routers) to be configured with TACACS.

I just need the steps to be followed in the ACS configuration for this task.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/user/guide/policy_mod.html#wp1076053

In "default device admin" simply create authorization rules.

They should look like "if user type/group = site engineer then assign shell profile X"

You then have to define the shell profile in policy elements and put in there all the privileges of your site engineer.

And so on for the other roles
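
Device-side counterpart to the rules described above, as an added example that is not part of the original replies: a Cisco IOS AAA configuration that makes a router or switch request exec authorization from the TACACS+ server, so the privilege level set in the matching shell profile is applied at login. The server address 192.0.2.10, the key and secret placeholders, the local account name and the level-5 role are assumptions.

```ios
! Added example, not from the thread. 192.0.2.10, <SHARED-KEY>, <LOCAL-SECRET>,
! the account name and the level-5 role are placeholders/assumptions.
aaa new-model
!
! TACACS+ server (the ACS host). The key must match the one entered for this
! device under Network Devices in ACS. Newer IOS releases use a
! "tacacs server <name>" block instead of this one-line form.
tacacs-server host 192.0.2.10 key <SHARED-KEY>
!
! Local account, used only when the TACACS+ server does not respond.
username fallback-admin privilege 15 secret <LOCAL-SECRET>
!
! Authenticate logins against TACACS+, then fall back to the local account.
aaa authentication login default group tacacs+ local
!
! Exec authorization is the request that the shell profile answers.
! Without this line the privilege level from the profile is never applied
! and every user gets the line's default level (normally 1).
aaa authorization exec default group tacacs+ local
!
! Record who logged in and which privileged commands were run.
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
! IOS ships commands only at levels 0, 1 and 15. An intermediate level used
! in a shell profile (5 here, as an assumed analyst role) adds nothing over
! level 1 until commands are moved into it on each device:
privilege exec level 5 clear counters
```

After applying it, `show privilege` in a new session should report the level from the shell profile that the user's authorization rule selected.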

Hi Nicolas,

Sorry for the late reply.

I just read your reply and you made it much easier for me to go further and understand this.