[tac_plus] Re: Redesign?
Kiss Gabor (Bitman)
kissg at ssg.ki.iif.hu
Thu Jul 8 04:56:20 UTC 2010
> > Why don't you show us some example configs? :-)
>
> group = my_group {
>     acl = my_acl
>     tty = vty[0-4]
>     time_of_day = Mon-Fri,8a-9p
>     max_sessions = 2
> }
>
> user = fred {
>     member = my_group
> }
Fine. :-)
Let's see a bit more complex case.
If Fred logs in to terminal_server_A (192.168.0.1) {
    If he logs in on the console or aux port {
        Execute autocommand "show ip bgp"
    }
    If he logs in on the first three modems (tty0-2) {
        Execute autocommand "ppp"
        and set ip access-group 42 for incoming packets
    }
    If he logs in on any other modem (tty*) {
        Execute autocommand "slip"
    }
    If he logs in on vty* {
        Give him an exec prompt
        Set privilege level 2
        Discard commands containing "ipv6"
    }
}
If Fred logs in to any NAS on network_B (192.168.0.0/25) [including the above!] {
    On the weekends {
        Executing "configure" command is not allowed
    }
    After 4pm and before 8am {
        Executing "show interface" command is not allowed unless
        he connects to the NAS from 10.3.3.3
    }
}
If Fred logs in to any NAS [including the above] {
    If he comes from 10.4.4.4 {
        Set privilege level 15
    }
}
Regards
Gabor
--
No smoke, no drugs, no vindoze.
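
The scenario above, modelled as an added Python example that is not part of the original message and is not tac_plus configuration or code. It assumes that blocks are evaluated in the order written, that a later block overrides an earlier privilege level, that command restrictions accumulate, and that ports are named con0, aux0, ttyN and vtyN; none of this is stated in the post.

```python
import ipaddress
import re

TERMINAL_SERVER_A = ipaddress.ip_address("192.168.0.1")
NETWORK_B = ipaddress.ip_network("192.168.0.0/25")

def fred_policy(nas, port, rem_addr, when):
    """Return Fred's session attributes for one login.

    Assumed semantics (not from the post): blocks apply in written order,
    later scalar values win, deny patterns accumulate.
    """
    nas = ipaddress.ip_address(nas)
    out = {"autocmd": None, "priv_lvl": None, "inacl": None, "deny": []}

    if nas == TERMINAL_SERVER_A:
        if port.startswith(("con", "aux")):
            out["autocmd"] = "show ip bgp"
        elif re.fullmatch(r"tty[0-2]", port):   # first three modems
            out["autocmd"] = "ppp"
            out["inacl"] = 42                   # ip access-group 42 in
        elif port.startswith("tty"):            # any other modem
            out["autocmd"] = "slip"
        elif port.startswith("vty"):            # exec prompt, no autocommand
            out["priv_lvl"] = 2
            out["deny"].append(r"ipv6")

    if nas in NETWORK_B:                        # also matches terminal_server_A
        if when.weekday() >= 5:                 # Saturday or Sunday
            out["deny"].append(r"^configure\b")
        off_hours = when.hour >= 16 or when.hour < 8
        if off_hours and rem_addr != "10.3.3.3":
            out["deny"].append(r"^show interface")

    if rem_addr == "10.4.4.4":                  # any NAS, overrides level 2
        out["priv_lvl"] = 15

    return out

def allowed(attrs, command):
    """A command is refused when it matches any accumulated deny pattern."""
    return not any(re.search(p, command) for p in attrs["deny"])
```

With these assumptions, a vty login to terminal_server_A from 10.4.4.4 ends up at privilege level 15 while still carrying the "ipv6" filter from the first block, which is the overlap the "[including the above]" remarks point at.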