ACS 4.1 NAR

I am trying to limit the access to the routers via NAR using ACS 4.1 but I get some strange results.

My workstation is 192.168.249.210 and the ACS's per-user NAR is set as follows:

Table Defines: Permitted Calling/Point of Access Locations, All AAA Clients, port 23, IP address 192.168.249.210

With the above settings, I cannot login to the router while I expect I should be able to.

When I change the Table Defines to Denied Calling / Point of Access Locations, then I can login, not only from .210 but from everywhere.

I thought the "Permitted" means allowed, and Denied means "not allowed".

Any advice is greatly appreciated,

DT


I should have read the TACACS+ protocol more carefully before posting that question. The "port" in this case is an ASCII string that specifies the port of the NAS device, not the IP-protocol port. This ASCII-string port can be checked easily by looking into the Failed Attempts log of ACS.

All works as expected now.

Just another example of doing without reading. Shame on me!

DT
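
The point resolved in this thread, as an added example that is not part of the original posts and is not ACS code: it parses the body of a TACACS+ authentication START packet (field layout per RFC 8907) and shows that `port` is the NAS line name sent as ASCII, so a NAR entry with port `23` never matches. The port value `tty2`, the user name, and the wildcard matching in `nar_allows` (a simplified model of permitted/denied tables) are assumptions.

```python
import fnmatch
import struct

def build_authen_start(user: bytes, port: bytes, rem_addr: bytes, data: bytes = b"") -> bytes:
    """Constructed sample: unobfuscated authentication START body."""
    fixed = struct.pack(
        "!8B",
        0x01,  # action: LOGIN
        0x01,  # priv_lvl: user
        0x01,  # authen_type: ASCII
        0x01,  # authen_service: LOGIN
        len(user), len(port), len(rem_addr), len(data),
    )
    return fixed + user + port + rem_addr + data

def parse_authen_start(body: bytes) -> dict:
    """Return the user, port and rem_addr strings carried in the START body."""
    if len(body) < 8:
        raise ValueError("body shorter than the 8-byte fixed part")
    user_len, port_len, rem_len, data_len = body[4:8]
    if len(body) != 8 + user_len + port_len + rem_len + data_len:
        raise ValueError("length fields do not match body size")
    fields, off = {}, 8
    for name, n in (("user", user_len), ("port", port_len), ("rem_addr", rem_len)):
        fields[name] = body[off:off + n].decode("ascii")
        off += n
    return fields

def nar_allows(fields: dict, table: str, rule_port: str, rule_addr: str) -> bool:
    """Assumed model: a 'permitted' table allows only on a match,
    a 'denied' table allows everything except a match."""
    hit = (fnmatch.fnmatchcase(fields["port"], rule_port)
           and fnmatch.fnmatchcase(fields["rem_addr"], rule_addr))
    return hit if table == "permitted" else not hit

# Constructed sample: a telnet login from the workstation arriving on line tty2.
SAMPLE = build_authen_start(b"dt", b"tty2", b"192.168.249.210")

if __name__ == "__main__":
    f = parse_authen_start(SAMPLE)
    print(f)
    print("permitted, port 23:", nar_allows(f, "permitted", "23", "192.168.249.210"))
    print("denied,    port 23:", nar_allows(f, "denied", "23", "192.168.249.210"))
    print("permitted, port * :", nar_allows(f, "permitted", "*", "192.168.249.210"))
```

Under this model the permitted table with port `23` rejects the login and the denied table with port `23` lets every source through, which matches both results reported in the first post.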
