[tac_plus] Is there a config ACL to limit Client IP, not NAS IP?
Matt Almgren
matta at surveymonkey.com
Sun Aug 2 03:01:48 UTC 2015
Re-sending. I didn't see this make it to the list.
--
Matt Almgren, Sr. Networking Engineer
101 Lytton Ave., Palo Alto. CA 94301
matta at surveymonkey.com
408.499.9669
________________________________
From: Matt Almgren
Sent: Saturday, August 1, 2015 4:50 PM
To: tac_plus at shrubbery.net
Subject: Is there a config ACL to limit Client IP, not NAS IP?
I'm aware of the Host ACL usage in TACACS:
    acl = TEST-ACL {
        # Permit these NAS to login via TACACS
        permit = ^10\.
    }
But is there any configuration that will limit which client (i.e. rancid server) is able to authenticate with TAC+? I'm trying to lock down RANCID so only that server/user can log in to our network equipment with certain privileges.
I think this might be feasible with do_auth, but I haven't played around with that yet.