Ho to prevent vpdn users to access router ?

Discussion in 'Cisco' started by John Doe, Oct 16, 2006.

  1. John Doe

    John Doe Guest

    Hi

    I have a router configured as vpdn dial-in device. I authenticate via radius. How can I prevent my dial-in users to login to the router itself. Some of the dial-in users are also admins, and I do not want to remove the radius auth on login.

    My config:

    aaa authentication login default local group radius
    aaa authentication login console none
    aaa authentication ppp default local group radius
    aaa authorization network default local group radius
    aaa authorization auth-proxy default group radius

    Typical radius users

    myuser User-Password == "fatchance"
    Service-Type = Framed-User, Framed-Protocol = PPP, Filter-Id = "StdUser"

    Brgds Johan
     
    John Doe, Oct 16, 2006
    #1
    1. Advertisements

  2. John Doe

    Peter Guest

    Hi John,
    Its actually very simple, just put an ACL on the VTY port either
    blocking access from the untrusted segment or allowingn only trusted
    segments in.

    Cheers..............pk.
     
    Peter, Oct 17, 2006
    #2
    1. Advertisements

  3. John Doe

    John Doe Guest

    Well thanks.. Yes, that is one way, but my network admins may move around,
    and I would like the freedom of allowing them access from whereever they
    may be. Is there no parameter in Radius where you can control who has access
    to login to IOS, and who can use the box as endpoint for a vpn ?

    Brgds Johan
     
    John Doe, Oct 20, 2006
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.