ACS Server question
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-18-2009 07:21 AM - edited 03-12-2019 05:38 PM
Hi all,
I need to allow access for all groups to a single test device. We have groups configured as such:
Router Group: Contains all Routers in corp
Switch Group: 1 per site contains local switches
User Groups: 1 per site + corp IT
Typically the LAN Admins for each site can only access the layer 2 switches.
The Network Engineers can access everything.
I need to allow everyone in the ACS server access to one device for testing SSH.
What is the easiest way of handling this?
Should I just create a new device group and then add that to each of the user group's allowed devices?
Is there a way to create a "global" group that would have access to the single device?
- Labels:
-
AAA
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-18-2009 11:59 PM
I would suggest creating some Shared NARs for each group of devices - I assume these are already in NDGs. These should be permit ip filters.
In each ACS group you can map from NDG to Shared NAR adding just those that a relevant. Anything not specifically listed would result in a deny.
