Cisco 2901 terminal server and restricting access
04-20-2011 10:46 AM - edited 03-04-2019 12:08 PM
I have a Cisco 2901 Terminal server with AAA authentication via ACS server. I created two
accounts on the ACS server, cciesec2011 and vendor. Both accounts can log into the Cisco
2901 Terminal Server without any issues. By the way, I am NOT using AAA authorization on
the Cisco Terminal Server. Once the cciesec2011 or vendor accounts are authenticated, these
accounts can access all the async lines on the Cisco Terminal Server.
Now I have a new requirement. I would like cciesec2011, once this account is
successfully authenticated, to have access to ALL async lines on the Terminal
Server. The "vendor" account, I want to restrict this account's access only to async
line 35 (there are 32 async lines available on the Cisco Terminal Server) and nothing
else.
How can I accomplish this without using AAA authorization on the Cisco Terminal Server?
Is it possible to use "privilege level" to accomplish this? If so, how?
Thanks in advance.

04-21-2011 08:13 AM
Write a "menu" that is delivered based on username.
HTH>
04-21-2011 11:14 AM
How do you do that when the username is on the ACS server? From the example below, the username is "local":

04-22-2011 03:35 AM
I am no ACS expert - but I do know how to use Google - search on "cisco acs auto menu command"
04-22-2011 05:39 AM
Of course, it can be done with ACS for autocommand but AAA authorization is required. In my original post, I was trying to avoid it. How can it be done with the username on the ACS but AAA authorization is local on the Cisco terminal server?

04-22-2011 11:38 AM
Well AFAIK the router has to refer to the authorization for exec to the ACS for it to work.
Your other option is just create a local user on the TS and refer the menu to the local db.
HTH>
