Re: AS5300 & CiscoSecure Capabilities

["Rodney van den Oever" <roever () nse simac nl>]

> > Is it possible to restrict a dialin user to a specific IP address with
> > either the AS5300 or CiscoSecure?  We are currently using both solutions
> > but I need to restrict Vendor access into the network.

> Cisco claims that you can use CiscoSecure to hand over
> an abribtrary access-list to a user's dialup port based on
> their username.  I haven't verified this myself, but one of
> my co-workers has, and is using it this way.

Not specific to CiscoSecure, there are a number of tacacs(+) and radius
daemons that can do this.

Cisco has a freeware tacacs+-implementation for Unix-systems and they know
offer a free and supported (!) tacacs+-server for use with a single NAS for
Windows NT (EasyACS). Easy setup and configuration using a webbrowser.

--
Rodney van den Oever / 0x06 3547CA1 / PGP Key ID 0x0A6CCE53
An updated version of 'A Christmas Carol' would still have Marley's Ghost
visit Scrooge, but it would be BOB Marley, playing a calypso!.- James
Fischer