|
|
 FAQ
 Search
 Memberlist
 Usergroups
 Register
 Profile
 Private messages
 Log in
|
|
| Author |
Message |
dt1649651@yahoo.com
Guest
|
 Posted: Wed Aug 22, 2007 1:02 am Post subject: ACS 4.1 NAR |
 |
|
I am trying to limit the access to the routers via NAR using ACS 4.1
but I get some strange results.
My worksation is 192.168.249.210 and the ACS's per-user NAR is set as
follows :
Table Defines : Permitted Calling/Point of Access Locations
All AAA Clients , port 23, IP address 192.168.249.210
With the above settings, I cannot login to the router while I expect I
should be able to.
When I change the Table Defines to Denied Calling / Point of Access
Locations, then I can login, not only from .210 but from everywhere.
I thought the "Permitted" means allowed, and Denied means "not
allowed".
Any advice is greatly appreciated,
DT |
|
| Back to top |
|
 |
|
|
dt1649651@yahoo.com
Guest
|
| Posted: Wed Aug 22, 2007 3:39 pm Post subject: Re: ACS 4.1 NAR |
|
|
On Aug 21, 3:02 pm, "dt1649...@yahoo.com" <dt1649...@yahoo.com> wrote:
| Quote: | I am trying to limit the access to the routers via NAR using ACS 4.1
but I get some strange results.
My worksation is 192.168.249.210 and the ACS's per-user NAR is set as
follows :
Table Defines : Permitted Calling/Point of Access Locations
I should have read the TACACS+ protocol more carefully before posting |
that question.
The "port " in this case is an ascii string that species the port of
the NAS device, not the IP-protocol port.
This ascci-string port can be checked easily when loojing into the
Failed Attemps log of ACS.
All works as expect now.
Just another example of doing without reading. Shame on me !
DT
| Quote: | All AAA Clients , port 23, IP address 192.168.249.210
With the above settings, I cannot login to the router while I expect I
should be able to.
When I change the Table Defines to Denied Calling / Point of Access
Locations, then I can login, not only from .210 but from everywhere.
I thought the "Permitted" means allowed, and Denied means "not
allowed".
Any advice is greatly appreciated,
DT |
|
|
| Back to top |
|
|
|
|
