Defining TACACS access to a single device based on Group

Hello,

Here is my situation: I have a Lantronix device and two groups of users needing access using TACACS (ACS 5.6). I want to avoid putting all the users in one group because many of the users would then receive access to other, restricted devices.

Basically, I need Group A to access devices 1 - 10 but Group B only able to access device 1.

I've been reviewing authorization policies but I'm unclear on exactly where to go. Any help would be appreciated.

Thank you.

Daniel

Accepted Solution

agapitca19
Level 1

daniel.m.williams1,

I am not sure how much the menus in ACS 5.6 have changed compared to ACS 5.4 (we still have it but started moving to ISE 2.0 for TACACS). But I will throw my idea out anyway and hopefully give you some progress. I am not familiar with Lantronix devices, but are they configurable with TACACS?

Here's how I will try to solve this in ACS 5.4. Make sure you also have an appropriate Shell Profile and Command Sets in the Authorization rules below.

1. Users and Identity Stores > Identity Groups > Create Group A and B > Save.

2. Users and Identity Stores > Internal Identity Stores > Users > Create the users > When creating the users, assign them to their respective Identity Group in Step 1(Group A and B) > Save.

3. Users and Identity Stores > Identity Store Sequences > Create Identity Store = Local for example > In Additional Attribute Retrieval Search List, select Internal Users > Save.

4. Policy Elements > Session Conditions > Network Conditions > Device Filters > Create Device Filter = Group A > Select IP Address tab then check mark Device IP > Add the ip address of the devices > Create Device Filter = Group B > Select IP Address tab then check mark Device IP > Add the ip address of the devices > Submit.

5. Access Policies > Access Services > Create the Access Service > Identity = Local in Step 3 > Authorization > Customize > Add Device Filter and Identity Group > Click OK > Create Authorization Rule 1 > Select Device Filter = Group A > Select Identity Group = Identity Group A in Step 1 > Click OK > Create Authorization Rule 2 > Select Device Filter = Group B > Select Identity Group = Identity Group B in Step 1 > Click OK

HTH

***Please rate and mark the comment correct if you find it helpful. Thanks***
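A constructed model of the rule logic set up in steps 4 and 5 above, added here as an example (it is not Cisco's code, nor the poster's): device filters keyed by device IP and identity-group membership are combined into first-match authorization rules with an implicit deny, so you can check before deploying that Group B users reach device 1 and nothing else. The IP addresses, usernames and the shell-profile name are assumptions for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed device filters (step 4): set of device IPs per filter.
# Addresses are made up for the example.
DEVICE_FILTERS: Dict[str, set] = {
    "Group A": {f"10.0.0.{n}" for n in range(1, 11)},   # devices 1-10
    "Group B": {"10.0.0.1"},                            # device 1 only
}

# Constructed user -> identity group assignments (step 2).
IDENTITY_GROUPS: Dict[str, str] = {
    "alice": "Identity Group A",
    "bob": "Identity Group B",
}


@dataclass
class AuthzRule:
    device_filter: str
    identity_group: str
    shell_profile: str  # hypothetical shell profile name


# Rules 1 and 2 from step 5; evaluated top-down, first match wins.
RULES: List[AuthzRule] = [
    AuthzRule("Group A", "Identity Group A", "priv15-shell"),
    AuthzRule("Group B", "Identity Group B", "priv15-shell"),
]


def authorize(user: str, device_ip: str) -> Optional[str]:
    """Return the shell profile granted, or None for the implicit default deny."""
    ipaddress.ip_address(device_ip)  # reject malformed device addresses early
    group = IDENTITY_GROUPS.get(user)
    if group is None:  # unknown user: no identity group, so no rule can match
        return None
    for rule in RULES:
        in_filter = device_ip in DEVICE_FILTERS[rule.device_filter]
        if in_filter and rule.identity_group == group:
            return rule.shell_profile
    return None  # no rule matched: default deny


def access_matrix(users: List[str], device_ips: List[str]) -> Dict[str, Dict[str, Optional[str]]]:
    """User -> device -> granted profile (or None), for reviewing the whole policy at once."""
    return {u: {d: authorize(u, d) for d in device_ips} for u in users}
```

Running `access_matrix` over every user and device before rolling out the policy shows any cell where a Group B user unexpectedly gets a profile on devices 2-10.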
