[c-nsp] TACACs access filtered by device

Walter Keen walter.keen at RainierConnect.net
Fri Aug 7 11:28:06 EDT 2009


We take it another step, using the Linux tac-plus, specifying an ACL for 
each user, and commands they can or cannot run... The only problem 
we've run into is one user who needs higher access on one router but 
still limited access on another. We've gotten around that a little bit 
by setting privilege levels in the routers, and making TACACS send the 
privilege level data to the router, but we still had one or two cases where 
one user had to have 2 usernames for different routers (and ACLs to 
make sure they didn't use the wrong one on the wrong router).

If anyone's interested, I can send an example offline.

luismi wrote:
> Yes! Seems to be pretty simple, I will try it today :-D

-- 


Walter Keen
Network Technician
Rainier Connect
(o) 360-832-4024
(c) 253-302-0194
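
The setup described in the message above, sketched as an added example: this is not Walter Keen's configuration, and it assumes the Shrubbery tac_plus configuration syntax. The usernames, ACL names, password file path and addresses are hypothetical.

```conf
# Added example (not from the original post). Shrubbery tac_plus syntax assumed.
# ACL regexes are matched against the address of the device (NAS) that
# sends the request. Addresses are constructed (RFC 5737 documentation ranges).

acl = core_routers {
    permit = ^192\.0\.2\.
}

acl = edge_routers {
    permit = ^198\.51\.100\.
}

# Account 1: full access, but it only authenticates on core routers.
user = jdoe-core {
    # placeholder password file path
    login = file /etc/tac_plus.passwd
    acl = core_routers
    # permit every command for this account
    default service = permit
    service = exec {
        # privilege level sent to the router at login
        priv-lvl = 15
    }
}

# Account 2: same person, limited access, only usable on edge routers.
# The ACL keeps the account from being used on the wrong router.
user = jdoe-edge {
    login = file /etc/tac_plus.passwd
    acl = edge_routers
    service = exec {
        priv-lvl = 7
    }
    # commands not listed below are denied
    cmd = show {
        deny ^running-config
        permit .*
    }
    cmd = ping {
        permit .*
    }
    cmd = exit {
        permit .*
    }
}
```

Per-command rules only take effect when the routers are configured to send command authorization requests to the TACACS+ server; otherwise only the privilege level from the exec service applies.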


