AAA Access per user group

jlhainy
Level 2

Hello,

I am having an authorization issue with ACS 3.2.3.

This is what I am trying to do: I have 2 Network Device Groups, one called core, the other called edge. I have 2 groups of admins. One is Core admins and the other is LAN admins. What I am trying to do is set up authorization so that the LAN admins can telnet into the edge switches that belong to the edge Network Device Group. They will have the enable password for those devices so they can do whatever they need to do.

However, if they telnet into a core device I want the authorization to stop them so that they can't even connect to the device.

So my LAN admins will get full access to edge devices, but zero access to core devices. This is what I am trying to accomplish.

The closest I have come is allowing the LAN people to telnet or ssh to a core device, but not giving the enable password. So they have "read only" access to core devices. I don't even want this. How can I configure ACS to give me this behavior? I already have my aaa config in my network device configs.

2 Replies

owillins
Level 6

Here is a document on Setting Network Access Restrictions for a User Group.

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs31/acsuser/g.htm#81096

Perfect! That was an excellent document. Thank you very much.