Solved: Cisco Prime Device Access Control via TACACS Authentication

Steven Chua · ‎08-01-2012

Hi,

I have deployed a Cisco Prime Lan Management Server and I have configure for TACACS authentication and authorization for users accessing the Prime box via Cisco ACSv5.2. As I have two groups of users, I would like to restrict the access right to the Cisco Prime for these two groups of users (access rights of Helpdesk for one group and Super Admin for another group). I am able to authencated successfully via the Cisco ACSv5.2 however I am always seem to be given the rights of Helpdesk only.

Please advice.

Many Thanks in Advance.

Rgds

Vinod Arya · ‎08-01-2012

With Prime series or LMS 4.x onwards, any PAM (pluggable Auth. Module) provides only authentication to users. for Authorization on what access one should have the user should be locally configured on the LMS with required Authorization. Those users who are in AAA server will be given bydefault help desk user acess.

For more details on this, see :

http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.2/user/guide/admin/security.html#wp1167300

In short, add users in LMS whom you want to grand super admin access with same priv's.

-Thanks

-Thanks Vinod **Rating Encourages contributors, and its really free. **

View solution in original post

Vinod Arya · ‎08-01-2012