From: Harris, Joe F (Joe_Harris@xxxxxxxxxxxx)
Date: Thu Oct 04 2001 - 10:21:04 GMT-3
aaa new-model
aaa authentication login TELNET group tacacs+ enable local none
aaa authentication login CONSOLE group tacacs+ enable local none
aaa authentication enable default group tacacs+ enable none
aaa authorization exec default group tacacs+ if-authenticated local none
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
tacacs-server host 10.191.24.15 single-connection key <removed>
tacacs-server host 10.191.24.199 single-connection key <removed>
line con 0
 session-timeout 10
 exec-timeout 5 0
 login authentication CONSOLE
 transport input none
line vty 0 4
 session-timeout 10
 access-class 12 in
 exec-timeout 5 0
 login authentication TELNET
 transport input lat pad mop telnet rlogin udptn nasi
-Joe Harris
CCIE# 6200
-----Original Message-----
From: Dennis Bailey [mailto:amazingplace@prodigy.net]
Sent: Thursday, October 04, 2001 7:58 AM
To: ccielab@groupstudy.com
Subject: using Cisco Secure ACS to control terminal access to routers
I am wondering if anyone has been able to use CiscoSecure ACS (NT/2000
version) for controlling access to router console and vty lines. I am
currently running ACS 2.5 and am using it for authentication of dialup and
vpn remote access users. I have been trying to figure out how to use it to
control access to my routers but seem to get to a point where authentication
fails and the message in the failed attempts log is "unknown NAS".
Is it necessary to define every device in Cisco Secure for this to work? Is
there a default NAS config? I know I must be missing something simple, I can
get it to work fine when I configure it for terminal access on one of my
remote access routers (which are defined as NAS in Cisco Secure) but nothing
else.
Any ideas, links, examples, abuse....whatever you feel is
appropriate..except one day lab stuff :-)
Thanks,
Dennis
**Please read:http://www.groupstudy.com/list/posting.html
This archive was generated by hypermail 2.1.4 : Thu Jun 20 2002 - 22:33:13 GMT-3
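
An added example, not part of the original post or of either poster's own code: a small Python check over IOS configuration text of the kind posted above. It flags AAA authentication method lists whose last method is `none` (reached when every earlier method returns an error rather than a reject), lines that reference an undefined login list, cleartext `transport input` protocols, and vty lines with no inbound `access-class`. The sample input is constructed from the structure of the posted configuration, and the function names are hypothetical.

```python
# Constructed sample with the same structure as the configuration in the post.
SAMPLE = """\
aaa new-model
aaa authentication login TELNET group tacacs+ enable local none
aaa authentication login CONSOLE group tacacs+ enable local none
aaa authentication enable default group tacacs+ enable none
line con 0
 login authentication CONSOLE
 transport input none
line vty 0 4
 access-class 12 in
 login authentication TELNET
 transport input lat pad mop telnet rlogin udptn nasi
"""
CLEARTEXT = {"telnet", "rlogin"}  # protocols that carry the password unencrypted

def parse(config):
    """Collect AAA authentication method lists and per-line settings."""
    lists, lines, cur = {}, {}, None
    for raw in config.splitlines():
        w = raw.split()
        if w[:2] == ["aaa", "authentication"] and len(w) > 4:
            lists[f"{w[2]} {w[3]}"] = w[4:]          # e.g. "login TELNET"
        elif w[:1] == ["line"]:
            cur = lines[" ".join(w[1:])] = {"list": "default", "transport": [], "acl": None}
        elif cur is not None and w[:2] == ["login", "authentication"] and len(w) > 2:
            cur["list"] = w[2]
        elif cur is not None and w[:2] == ["transport", "input"]:
            cur["transport"] = w[2:]
        elif cur is not None and w[:1] == ["access-class"] and w[-1] == "in":
            cur["acl"] = w[1]
    return lists, lines

def audit(config):
    """Return (location, finding) tuples; an empty list means nothing flagged."""
    lists, lines = parse(config)
    out = [(f"aaa authentication {n}", "last method is 'none'")
           for n, m in lists.items() if m[-1] == "none"]
    for name, s in lines.items():
        if s["list"] != "default" and f"login {s['list']}" not in lists:
            out.append((f"line {name}", f"undefined login list {s['list']}"))
        clear = sorted(CLEARTEXT & set(s["transport"]))
        if clear:
            out.append((f"line {name}", "cleartext transport: " + ", ".join(clear)))
        if name.startswith("vty") and s["acl"] is None:
            out.append((f"line {name}", "no inbound access-class"))
    return out

if __name__ == "__main__":
    print("\n".join(f"{a}: {b}" for a, b in audit(SAMPLE)))
```

The parser keys on command keywords rather than indentation, so it also accepts configuration pasted with the leading spaces stripped.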