ACS Server question

bretjaquish
Level 3

Hi all,

I need to allow access for all groups to a single test device. We have groups configured as such:

Router Group: Contains all Routers in corp

Switch Group: 1 per site contains local switches

User Groups: 1 per site + corp IT

Typically the LAN Admins for each site can only access the layer 2 switches.

The Network Engineers can access everything.

I need to allow everyone in the ACS server access to one device for testing SSH.

What is the easiest way of handling this?

Should I just create a new device group and then add that to each of the user group's allowed devices?

Is there a way to create a "global" group that would have access to the single device?

1 Reply

darpotter
Level 5

I would suggest creating some Shared NARs for each group of devices - I assume these are already in NDGs. These should be permit ip filters.

In each ACS group you can map from NDG to Shared NAR, adding just those that are relevant. Anything not specifically listed would result in a deny.