[c-nsp] aaa local database

Tomas Hlavacek tomas.hlavacek at elfove.cz
Mon Aug 18 08:12:38 EDT 2008


I should have told that I want this on 2811 with 12.4(20)T 
ADVIPSERVICESK9 IOS image.


Alasdair Gow wrote:
> What device are you trying to do this on?
>
> I know ASA's have dynamic policies, which you could customise to do this....
>
> Cheers,
> Ally
>
> Tomas Hlavacek wrote:
>   
>> Hello!
>>
>> I am thinking about aaa local database. Is there any mechanism to
>> distinguish local users (defined by username ...) or put them into
>> some groups and give them access to only some services?
>>
>> For instance I have two users
>>
>> username alice password xxx
>> username bob password yyy
>>
>> aaa new-model
>> aaa authentication login default local
>> aaa authentication ppp default local
>> aaa authorization network default local
>>
>> Now bob and alice can login to router and also dial ppp.
>>
>> What if I want alice to have right only to login to router and bob
>> only to dial ppp?
>>
>> Thanks,
>> Tomas
>>
>>     
>
>
>   
-- 
Tomáš Hlaváček <tomas.hlavacek at elfove.cz>



More information about the cisco-nsp mailing list