1. To do this is not trivial. It will require you to put all the commands that you want the users to execute in a custom command level on the cisco router. For example you can think of all the allowed commands and put them in level 5. Once you do that, you can now use radius to authorize the use of the commands in that command level as such:

    aaa new-model   # starting AAA services on the router
    aaa authorization command 5 group radius   # All level 5 commands, which you have declared, are authorized against the radius server.

2. You have to have a way of identifying your users (e.g. by ip address, network address, etc.). Assuming you have a user on address 10.0.3.3 allowed to use telnet, then allowing him/her is a question of doing the following in your ACL:

    access-list 101 permit tcp host 10.0.3.3 any eq telnet   # Permit 10.0.3.3 to use telnet
    access-list 101 deny tcp any any eq telnet   # Deny everyone else to use telnet
    access-list 101 permit ip any any   # Permit all other ip traffic

Just somewhere for you to start from.

Regards,
Herbert.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Lim Han Shyong

Hi all:

1. How do I configure the command authorization with freeradius? Which means I only allow the user to enter certain commands during the telnet session.
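An added example, not part of the original messages: a small first-match evaluator for the three access-list 101 entries in the reply. It shows which entry decides each packet and how reordering the entries would silently disable the telnet restriction. The tuple layout, function names and probe packets are assumptions made for this illustration.

```python
import ipaddress

# The three ACL 101 entries from the reply, modelled as
# (action, protocol, source network, destination port); "any" is 0.0.0.0/0
# and a port of None matches every port. Layout is an assumption of this sketch.
ACL_101 = [
    ("permit", "tcp", "10.0.3.3/32", 23),    # host 10.0.3.3 any eq telnet
    ("deny",   "tcp", "0.0.0.0/0",   23),    # any any eq telnet
    ("permit", "ip",  "0.0.0.0/0",   None),  # ip any any
]

def evaluate(acl, proto, src_ip, dst_port=None):
    """Return (action, index) of the first matching entry, top to bottom.
    If nothing matches, the implicit deny at the end of every ACL applies."""
    src = ipaddress.ip_address(src_ip)
    for i, (action, a_proto, a_src, a_port) in enumerate(acl):
        if a_proto != "ip" and a_proto != proto:
            continue  # "ip" covers every protocol, otherwise it must be equal
        if src not in ipaddress.ip_network(a_src):
            continue
        if a_port is not None and a_port != dst_port:
            continue
        return action, i
    return "deny", None

def shadowed_entries(acl, probes):
    """Indices of entries that no probe ever reaches: a sign of an ordering bug."""
    hit = {evaluate(acl, *p)[1] for p in probes}
    return [i for i in range(len(acl)) if i not in hit]

# Constructed probe packets: (protocol, source address, destination port).
PROBES = [
    ("tcp", "10.0.3.3", 23),  # the allowed telnet user
    ("tcp", "10.0.3.4", 23),  # another host trying telnet
    ("tcp", "10.0.3.4", 80),  # unrelated TCP traffic
    ("udp", "10.0.3.4", 53),  # unrelated UDP traffic
]

# Same entries with "permit ip any any" moved to the top.
MISORDERED = [ACL_101[2], ACL_101[0], ACL_101[1]]

if __name__ == "__main__":
    for name, acl in (("as posted", ACL_101), ("misordered", MISORDERED)):
        print(name)
        for p in PROBES:
            print("  ", p, "->", evaluate(acl, *p))
        print("   unreachable entries:", shadowed_entries(acl, PROBES))
```
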