[c-nsp] TACACs access filtered by device
Peter Rathlev
peter at rathlev.dk
Fri Aug 7 10:21:32 EDT 2009
On Fri, 2009-08-07 at 13:01 +0200, luismi wrote:
> We have here several Cisco devices and I would like to know if it is
> possible to filter who get access to some specific devices using the
> tacacs.conf file or the AAA configuration inside the devices.
>
> Is that possible?
It is, and it works like a charm. The link Christopher Hunt posted has a
good example. We use it e.g. like this:
acl = pop1-access {
permit = ^10\.0\.0\.
}
user = example-pop1-operator {
member = admin
acl = pop1-access
}
group = other-example-acl {
acl = pop1-access
}
Regards,
Peter
More information about the cisco-nsp
mailing list