Different Privilege for AAA users in ISE

NeWGuy1109
Level 1

I am using Cisco ISE 3.0 in the environment where I have created Internal Users in ISE Identity Management.

I created and assigned users in 2 identity groups, namely L3 and helpdesk.

My requirement is that certain users need to have Write access to some devices and Read only to other devices, but in conditions I don't see any mapping with respect to username. All are based on identity groups.

Is it possible to achieve this?

Accepted Solutions

Francesco Molino
VIP Alumni

Hi

Just for my information, are you talking about RADIUS or TACACS?

Is the difference between write and read access the same for all users in the same group?

Example: Will all users from the L3 group have the same rights, or could they have different rights?

If users within the same group have different rights, then you will need to create different groups and create the policy accordingly.

Example:

You can create groups like:

- RW_CORE: full access to core switches
- RO_CORE: read only access to core switches
- RW_ROUTERS: full access to core switches
- RO_ROUTERS: read only access to core switches
- RW_ACCESS: full access to core switches
- RO_ACCESS: read only access to core switches

So if you have mixed rights for every user, you can just assign them the correct groups:

A user who needs RW on CORE and ACCESS but only RO on Routers will have the groups: RW_CORE, RW_ACCESS, RO_ROUTERS

Does that make sense?


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
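
A way to sanity-check assignments built on the group scheme in the answer above, as an added example (not part of the original post and not ISE code). The usernames are hypothetical, and the deny-by-default rule and the RO-wins conflict rule are assumptions of this sketch.

```python
# Added example: audit of per-device-class group assignments (not ISE code).
DEVICE_CLASSES = ("CORE", "ROUTERS", "ACCESS")   # classes named in the answer
LEVELS = ("RW", "RO")


def parse_group(name):
    """Split 'RW_CORE' into ('RW', 'CORE'); return None for any other name."""
    level, _, device_class = name.partition("_")
    if level in LEVELS and device_class in DEVICE_CLASSES:
        return level, device_class
    return None


def effective_access(groups, device_class):
    """Return 'RW', 'RO' or 'DENY' for one user on one device class.

    Assumption of this sketch: no matching group means DENY, and a user
    holding both RW_x and RO_x is resolved to RO until the conflict is fixed.
    """
    levels = {p[0] for p in map(parse_group, groups) if p and p[1] == device_class}
    if not levels:
        return "DENY"
    return "RO" if "RO" in levels else "RW"


def audit(users):
    """Return (matrix, findings) for a {username: [group, ...]} mapping."""
    matrix, findings = {}, []
    for user, groups in sorted(users.items()):
        for g in groups:
            if parse_group(g) is None:
                findings.append(f"{user}: group {g!r} does not follow <RW|RO>_<CLASS>")
        for dc in DEVICE_CLASSES:
            if {f"RW_{dc}", f"RO_{dc}"} <= set(groups):
                findings.append(f"{user}: both RW_{dc} and RO_{dc} assigned")
        matrix[user] = {dc: effective_access(groups, dc) for dc in DEVICE_CLASSES}
    return matrix, findings


# Constructed sample data; usernames are hypothetical.
USERS = {
    "alice": ["RW_CORE", "RW_ACCESS", "RO_ROUTERS"],   # the mixed case from the answer
    "bob": ["RO_CORE", "RW_CORE"],                     # conflicting assignment
    "carol": ["helpdesk"],                             # old-style group, no device class
}

if __name__ == "__main__":
    matrix, findings = audit(USERS)
    for user, row in matrix.items():
        print(user, row)
    print(*findings, sep="\n")
```

Running the audit before changing group membership shows which device classes a user would lose access to and flags users who hold both levels for the same class.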


3 Replies


Thanks for your reply. I exactly went about it like this only. User privilege was distributed among various types of devices, so I created L3 & L2 groups and mapped them accordingly.

Glad it's working according to your requirements.


Thanks
Francesco