[c-nsp] TACACs access filtered by device
Walter Keen
walter.keen at RainierConnect.net
Fri Aug 7 11:28:06 EDT 2009
We take it another step, using the Linux tac-plus, specifying an ACL for
each user, and commands they can or cannot run. The only problem
we've run into is one user who needs higher access on one router but
still limited access on another. We've gotten around that a little bit
by setting privilege levels in the routers, and making TACACS send the
privilege level data to the router, but we still had one or two cases where
one user had to have 2 usernames for different routers (and ACLs to
make sure they didn't use the wrong one on the wrong router).
If anyone's interested, I can send an example offline.
luismi wrote:
> Yes! seems to be pretty simple I will try it today :-D
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
--
Walter Keen
Network Technician
Rainier Connect
(o) 360-832-4024
(c) 253-302-0194
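
The setup described in this message, sketched as an added example that is not part of the original post or the poster's own configuration. It assumes a Shrubbery tac_plus build with ACL support; every user, group and ACL name and every address below is hypothetical.

```conf
# Constructed tac_plus.conf fragment (hypothetical names and addresses).

# ACL regexes are matched against the address of the device (NAS)
# that sends the request; an address matching no permit line is refused.
acl = core_routers {
    permit = ^192\.0\.2\.
}

acl = edge_routers {
    permit = ^198\.51\.100\.
}

# Full access: exec shell at privilege level 15, all commands authorized.
group = full_access {
    default service = permit
    service = exec {
        priv-lvl = 15
    }
}

# Limited access: privilege level 1, only the listed commands authorized.
# Commands without a cmd block are denied.
group = limited_access {
    service = exec {
        priv-lvl = 1
    }
    cmd = show {
        deny running-config
        permit .*
    }
    cmd = ping {
        permit .*
    }
}

# The two-usernames workaround: one person, one account per router class.
# The ACL keeps each account from being used on the wrong routers.
user = jdoe-core {
    login = file /etc/passwd
    acl = core_routers
    member = full_access
}

user = jdoe-edge {
    login = file /etc/passwd
    acl = edge_routers
    member = limited_access
}
```

The `cmd` blocks only take effect on routers that are configured to send command authorization requests to the TACACS+ server.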