Restricting User access to Router with TACACS Freeware

Discussion in 'Cisco' started by Frank Beider, Oct 17, 2003.

  1. Frank Beider

    Frank Beider Guest

    I have set up the freeware TACACS (Tac_plus) server from Cisco. This TACACS
    server authenticates all users accessing routers on our network.

    A situation has arisen where we want to allow only certain users to
    access certain routers using the Freeware TACACS server.

    For example we want a user to be able to log in to router A but not be allowed
    to log in to router B.

    How can this be accomplished using the Freeware TACACS server based on
    specific usernames?

    Any ideas would be appreciated.

    Thank You
     
    Frank Beider, Oct 17, 2003
    #1

  2. Frank Beider

    Scott Guest

    We do this with a modified version (http://www.portal-to-web.de/tacacs/) of
    the free Cisco TACACS server. The mod is the addition of a radius client.
    The TACACS server accepts a TACACS authentication request and basically acts
    as a proxy that then sends the request to a Radius Server. We use Windows
    2000 with the built-in radius server (IAS) with Remote Access Policies
    defined.

    This allows us to use centralized authentication and only allow admins at
    site X access to that site's equipment. On the other hand, the Corporate
    engineers are able to log in to all the equipment.





    "Frank Beider" <> wrote in message
    news:bmp07v$2a90$...
    > I have set up the freeware TACACS (Tac_plus) server from Cisco. This TACACS
    > server authenticates all users accessing routers on our network.
    >
    > A situation has arisen where we want to allow only certain users to
    > access certain routers using the Freeware TACACS server.
    >
    > For example we want a user to be able to log in to router A but not be allowed
    > to log in to router B.
    >
    > How can this be accomplished using the Freeware TACACS server based on
    > specific usernames?
    >
    > Any ideas would be appreciated.
    >
    > Thank You
     
    Scott, Oct 18, 2003
    #2

  3. Frank Beider

    Jason Kau Guest

    Frank Beider <> wrote:
    > I have set up the freeware TACACS (Tac_plus) server from Cisco. This TACACS
    > server authenticates all users accessing routers on our network.
    >
    > A situation has arisen where we want to allow only certain users to
    > access certain routers using the Freeware TACACS server.
    >
    > For example we want a user to be able to log in to router A but not be allowed
    > to log in to router B.
    >
    > How can this be accomplished using the Freeware TACACS server based on
    > specific usernames?


    You can't--you need Cisco Secure ACS to specify refuse/allow
    authorization attributes on a per-user or per-group basis.

    --
    Jason Kau
    http://www.cnd.gatech.edu/~jkau
     
    Jason Kau, Oct 18, 2003
    #3
  4. Jason Kau <> writes:

    >Frank Beider <> wrote:
    >> I have set up the freeware TACACS (Tac_plus) server from Cisco. This TACACS
    >> server authenticates all users accessing routers on our network.
    >>
    >> A situation has arisen where we want to allow only certain users to
    >> access certain routers using the Freeware TACACS server.
    >>
    >> For example we want a user to be able to log in to router A but not be allowed
    >> to log in to router B.
    >>
    >> How can this be accomplished using the Freeware TACACS server based on
    >> specific usernames?


    >You can't--you need Cisco Secure ACS to specify refuse/allow
    >authorization attributes on a per-user or per-group basis.


    Tac_plus is a modified tacacs+ that does allow this.

    http://www.shrubbery.net/tac_plus/

    --
    Doug McIntyre
    Network Engineer/Jack of All Trades
    Vector Internet Services, Inc.
     
    Doug McIntyre, Oct 20, 2003
    #4
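
Added example, not written by any poster in this thread: a tac_plus.conf fragment for the "router A but not router B" case, assuming the shrubbery.net tac_plus build linked in post #4 and its `acl` blocks, which are matched against the address of the device sending the request. The addresses, ACL names, group names and usernames are constructed, and router A is assumed to sit in 10.10.1.0/24 with router B elsewhere in 10.10.0.0/16.

```conf
# Constructed example: every address and name below is an assumption,
# not a value taken from this thread.

# Devices at site X only (router A lives here). First match wins;
# the final deny makes the refusal explicit.
acl = site_x_devices {
    permit = ^10\.10\.1\.[0-9]+$
    deny = .*
}

# Every managed device (router A and router B).
acl = all_devices {
    permit = ^10\.10\.[0-9]+\.[0-9]+$
    deny = .*
}

# Site administrators: restricted to their own site's devices.
group = site_x_admins {
    acl = site_x_devices
}

# Corporate engineers: allowed on all managed devices.
group = corp_engineers {
    acl = all_devices
}

# Can log in to router A, is refused on router B.
user = alice {
    member = site_x_admins
    login = file /etc/passwd
}

# Can log in to both routers.
user = bob {
    member = corp_engineers
    login = file /etc/passwd
}
```

The ACL is compared with the address each router uses as the source of its TACACS+ requests, so pin that source on the router (for example with `ip tacacs source-interface`) to keep the match stable.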