Changing access list on virtual-access interface?

Discussion in 'Cisco' started by Yehavi Bourvine, Aug 25, 2004.

  1. Hello,

    I would like to do some processing on our dialin users (modems & ADSL) by
    implementing the following mechanism:

    - The user dials in, authenticates, and is then granted limited access
    (via an interface access list).

    - After we are done with our checks (some client-server application running from our
    control center to the home user) I would like to change his access rights
    by changing (or removing) the access list.

    The problem is that we are using virtual templates from which each user gets a
    virtual-access interface; it is not possible to change an access list on this
    specific virtual-access interface.

    Any idea how I can implement such a thing easily? We are using a home-built
    Tacacs+ server (based on one of the early public implementations of it).

    Thanks! __Yehavi:
    Yehavi Bourvine, Aug 25, 2004
    #1

  2. Yehavi Bourvine

    Hansang Bae Guest

    In article <2004Aug25.133849@hujicc>, says...
    > Hello,
    >
    > I would like to do some processing on our dialin users (modems & ADSL) by
    > implementing the following mechanism:
    >
    > - The user dials in, authenticates, and is then granted limited access
    > (via an interface access list).
    >
    > - After we are done with our checks (some client-server application running from our
    > control center to the home user) I would like to change his access rights
    > by changing (or removing) the access list.
    >
    > The problem is that we are using virtual templates from which each user gets a
    > virtual-access interface; it is not possible to change an access list on this
    > specific virtual-access interface.
    >
    > Any idea how I can implement such a thing easily? We are using a home-built
    > Tacacs+ server (based on one of the early public implementations of it).



    The first part is easy. Just use Lock & Key ACL.

    http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/ftrafwl/scflock.htm

    Not sure if I can help you with the second requirement though.
    --

    hsb

    "Somehow I imagined this experience would be more rewarding" Calvin
    *************** USE ROT13 TO SEE MY EMAIL ADDRESS ****************
    ********************************************************************
    Due to the volume of email that I receive, I may not be able to
    reply to emails sent to my account. Please post a followup instead.
    ********************************************************************
    Hansang Bae, Aug 26, 2004
    #2
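
A minimal lock-and-key (dynamic ACL) configuration of the kind the reply above points to, as an added example that was not posted by either participant. The ACL number, the dynamic list name DIALIN, the user name, the 192.0.2.1 router address, the timeouts and the placement on Virtual-Template1 are all assumptions made for illustration.

```cisco
! Added example. All names, numbers and addresses below are constructed.
!
! Local account used only for the lock-and-key Telnet login (hypothetical name).
username dialuser password CHANGE-ME
!
! Assumption: the restrictive ACL is applied on the template, so every cloned
! virtual-access interface starts with the same limited access.
interface Virtual-Template1
 ip unnumbered Loopback0
 ip access-group 101 in
!
! Before authentication the only traffic allowed in is Telnet to the router
! itself (192.0.2.1 is a documentation address standing in for the router).
access-list 101 permit tcp any host 192.0.2.1 eq telnet
!
! Template for the temporary entry. "timeout 60" is the absolute lifetime in
! minutes: the entry is removed after an hour even if traffic is still flowing.
access-list 101 dynamic DIALIN timeout 60 permit ip any any
!
! Everything else falls through to the implicit deny at the end of ACL 101.
!
! vty 0-2 are reserved for lock-and-key logins. After a successful login the
! router runs access-enable and closes the session.
!   host       - the temporary entry matches only the source address of the
!                user who logged in, not "any".
!   timeout 10 - idle timeout in minutes; the entry is removed when the user
!                has sent no matching traffic for that long.
line vty 0 2
 login local
 autocommand access-enable host timeout 10
!
! vty 3-4 keep a normal login without autocommand so administrators can still
! reach an exec prompt on the router.
line vty 3 4
 login local
```

`show access-lists 101` lists the temporary entry while it is active. Without the `host` keyword the temporary entry permits any source address, so a single successful login would open the ACL for every dial-in user sharing it.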