[tac_plus] Is there a config ACL to limit Client IP, not NAS IP?
Matt Almgren
matta at surveymonkey.com
Sat Aug 1 23:50:50 UTC 2015
I'm aware of the Host ACL usage in TACACS:
acl = TEST-ACL {
    # Permit these NAS to login via TACACS
    permit = ^10\.
}
But is there any configuration that will limit which client (i.e. rancid server) is able to authenticate with TAC+? I'm trying to lock down RANCID so only that server/user can log in to our network equipment with certain privileges.
I think this might be feasible with do_auth, but I haven't played around with that yet.
--
Matt Almgren, Sr. Networking Engineer
101 Lytton Ave., Palo Alto, CA 94301
matta at surveymonkey.com
408.499.9669