Table of Contents
Advertisement
Chapter 7
Setting Up and Managing User Accounts
Typically, you define (shared) NARs from within the Shared Components section
so that these restrictions can be applied to more than one group or user. For more
information, see the
on page
Restriction check box on the Advanced Options page of the Interface
Configuration section for this set of options to appear in the Cisco Secure ACS
HTML interface.
However, Cisco Secure ACS also enables you to define and apply a NAR for a
single user from within the User Setup section. You must have enabled the
User-Level Network Access Restriction setting under the Advanced Options page
of the Interface Configuration section for single user IP-based filter options and
single user CLI/DNIS-based filter options to appear in the Cisco Secure ACS
HTML interface.
When an authentication request is forwarded by proxy to a Cisco Secure ACS,
Note
any NARs for TACACS+ requests are applied to the IP address of the
forwarding AAA server, not to the IP address of the originating AAA client.
To set NARs for a user, follow these steps:
Perform Steps 1 through 3 of the
Step 1
page
Result: The User Setup Edit page opens. The username being added or edited
appears at the top of the page.
To apply a previously configured shared NAR to this user, follow these steps:
Step 2
Note
a.
78-13751-01, Version 3.0
"Shared Network Access Restrictions Configuration" section
5-7. You must have selected the User-Level Shared Network Access
7-5.
To apply a shared NAR, you must previously have configured it under
Network Access Restrictions in the Shared Profile Components
section. For more information, see the
Restrictions Configuration" section on page
Select the Only Allow network access when check box.
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
"Adding a Basic User Account" section on
"Shared Network Access
5-7.
Basic User Setup Options
7-13
Advertisement
Table of Contents
Troubleshooting
