Securing TTY lines

Hello everyone! Long-time reader, first-time poster on the Cisco Support Forums. I have found myself in waters where I could use some help and some direction on where to get started. (It may not be possible, for all I know!)

We have a Cisco 3660 router that has five nm-32a modules. What I am attempting to do is limit specific administrators to certain lines on the nm-32a module. Setting these up as TTY lines, because I would have up to, say, 20 administrators configuring through this async module, I would want User A to have control of lines 1-7 only while, say, user B had control of only lines 8-15. Using ACLs or AAA connected to TACACS/RADIUS/ACS is the approach I am trying to take, but I'm not sure how/where to start.

I thought of creating user permissions within the parser but then that would limit me to a max of 16 users at a time from my understanding. Using out of band management and AAA is fairly new to me. I appreciate anyone that can explain to me if I'm going in the right direction or if there is a different/easier approach to doing this?

Thank you!

Nicholas Alexander


Tarik Admani
VIP Alumni

Nicholas,

Your best bet is to set up TACACS, where your policies are centralized. Do you plan on using an existing TACACS environment, or would you need to build one from scratch?

You can run the ACS in a trial version for 90 days by downloading the product first, and if you need any help please PM and we can talk further.

When you configure TACACS, the line tty and the number should be sent in a TACACS attribute, where you can build permissions on which user groups can gain access. You can also join ACS to Active Directory, LDAP, or a token server, or you can use local accounts.

Thanks,

Tarik Admani
*Please rate helpful posts*
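
An added example, not part of the original thread and not ACS or Cisco code: a default-deny check of the kind a centralized AAA policy applies when the router reports the TTY line with the request. The `tty<N>` port string format, the user names, and the line ranges (taken from the question's 1-7 and 8-15 split) are assumptions.

```python
import re

# Constructed policy from the question's example: user A may use async
# lines 1-7, user B lines 8-15. User names are hypothetical.
LINE_POLICY = {
    "userA": [range(1, 8)],
    "userB": [range(8, 16)],
}

# Assumption: the router reports an async line as "tty<N>" in the port value.
_PORT_RE = re.compile(r"tty([0-9]+)")


def parse_tty_port(port):
    """Return the line number from a port string such as 'tty5', else None.

    Anything that is not exactly 'tty<digits>' (for example 'vty0', an
    empty value, or trailing junk) is treated as not being a TTY line.
    """
    if not isinstance(port, str):
        return None
    m = _PORT_RE.fullmatch(port.strip().lower())
    return int(m.group(1)) if m else None


def is_line_permitted(user, port, policy=LINE_POLICY):
    """Default deny: permit only if one of the user's ranges covers the line."""
    line = parse_tty_port(port)
    if line is None:
        return False
    return any(line in allowed for allowed in policy.get(user, ()))


def audit(requests, policy=LINE_POLICY):
    """Return (user, port, decision) tuples for a batch of requests."""
    return [(u, p, "permit" if is_line_permitted(u, p, policy) else "deny")
            for u, p in requests]


if __name__ == "__main__":
    # Constructed sample requests: (user, port value sent by the router).
    sample = [("userA", "tty3"), ("userA", "tty8"), ("userB", "tty15"),
              ("userB", "vty0"), ("userC", "tty1"), ("userA", "tty07x")]
    for row in audit(sample):
        print(*row)
```

Unknown users, non-TTY ports and malformed port values all fall through to deny, so a missing policy entry never grants access to a line.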