From: Joshua Gray (JGRAY@xxxxxxxx)
Date: Thu Oct 04 2001 - 10:12:43 GMT-3
Setup a device in ACS, but don't give it a IP. That is a way of telling ACS
to accept connections from all routers. Down side is security, so make the
secret key difficult. Just make sure ou set it up so you can still telnet
to it if the tacacs server is down.
-----Original Message-----
From: Dennis Bailey [mailto:amazingplace@prodigy.net]
Sent: Thursday, October 04, 2001 7:58 AM
To: ccielab@groupstudy.com
Subject: using Cisco Secure ACS to control terminal access to routers
I am wondering if anyone has been able to use CiscoSecure ACS (NT/2000
version) for controling
access to router console and vty lines. I am currently running ACS 2.5 and
am using it for authentication of dialup and vpn remote access users. I
have been trying to figure out how to use it to control access to my routers
but seem to get to a point where authentication fails and the message in the
failed attemps log is "unknown NAS"
Is it necessary to define every device in cisco secure for this to work? Is
there a default NAS config. I
know I must be missing something simple, I can get it to work fine when I
configure it for terminal access on one of my remote access routers (which
are defined as NAS in cisco secure) but nothing else.
Any ideas, links, examples, abuse....whatever you feel is
appropriate..except
one day lab stuff :-)
Thanks,
Dennis
**Please read:http://www.groupstudy.com/list/posting.html
This e-mail and any files transmitted with it are confidential and are intended
solely for the use of the individual or entity to whom they are addressed. If
you are NOT the intended recipient or the person responsible for delivering the
e-mail to the intended recipient, be advised that you have received this e-mai
l in error and that any use, dissemination, forwarding, printing, or copying of
this e-mail is strictly prohibited.
**Please read:http://www.groupstudy.com/list/posting.html
This archive was generated by hypermail 2.1.4 : Thu Jun 20 2002 - 22:33:13 GMT-3