Re: Configure Access Server to authorize Reverse Telnet's

From: Hai Minh (minh@ipmac.com.vn)
Date: Fri Dec 03 2004 - 06:33:45 GMT-3


I think the command "aaa authorization reverse-access" will resolve my
problem, am I wrong?

Thanks
  ----- Original Message -----
  From: Hai Minh
  To: ccielab@groupstudy.com
  Sent: Friday, December 03, 2004 4:22 PM
  Subject: OT : Configure Access Server to authorize Reverse Telnet's commands

  Hi group,

      I'm configuring aaa on a 2511 to authorize commands to a tacacs+ server.
  On the 2511, I create a loopback with address 10.10.10.10. On the tacacs+
  server, I create a user "test" and I restrict this user from using the
  command "reload". Then I test; "test" certainly does not have permission to
  use "reload".
      On the tacacs+ server, I add an auto-command "telnet 10.10.10.10 2001" to
  user "test". When I telnet to the 2511 with user "test", it automatically
  performs a reverse telnet to another router - I named it R1. But now "test"
  has full control on router R1. I tried to configure the 2511 and the tacacs+
  server to authorize any command that "test" uses on router R1 but it seems
  impossible. I don't want to configure aaa on router R1.
      Does anyone know how to config the 2511 to authorize reverse telnet's
  commands? I'm using Cisco ACS 3.1 and I can't find any options to do it.

  Thanks in advance

  Hai Minh.


