04-28-2009 01:36 AM - edited 03-10-2019 04:27 PM
Hi...
We have a ACS Appliance integrated with MS AD and users are authenticated successfully.
Our Requirement is that, we have 3 Departments with 20 Edge Switches each. I have created 3 Network Device Groups (NDG) for each department in ACS with 20 Switches each.
Now, if i create a user, he can log onto all the 3 department's Edge switch, since it is under the same ACS.
I want a particular user to authenticate only to his associated department's NDG.
Hope my Question is clear.. Please pass your comments.
thanks a lot,
Jafar
Solved! Go to Solution.
04-28-2009 02:18 AM
Using Network Access Restrictions (NAR) will work in this scenario. Best approach will be creating separate user groups for each department and then enable shared NAR in group properties and select appropriate department NDG's in order to restrict the access for these group of users.
For Example: Dept A user group will be denied access to NDG of Dept B and C as selected and in the similar way NAR can be applied on rest of the user groups.
Hope this helps
Ahmed
04-28-2009 02:18 AM
Using Network Access Restrictions (NAR) will work in this scenario. Best approach will be creating separate user groups for each department and then enable shared NAR in group properties and select appropriate department NDG's in order to restrict the access for these group of users.
For Example: Dept A user group will be denied access to NDG of Dept B and C as selected and in the similar way NAR can be applied on rest of the user groups.
Hope this helps
Ahmed
04-28-2009 05:32 AM
You can set it up using NAR in ACS.
http://cisco.com/en/US/products/sw/secursw/ps2086/products_tech_note09186a0080858d3c.shtml
Regards,
~JG
Do rate helpful posts
04-30-2009 12:28 AM
Hi Ahmed,
Thanks a lot.. I did a research on NAR and made it work...
Thanks
Jafar
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide