03-12-2019 08:12 PM
Hi,
I have an inquiry for a large organization. How do I configure ISE 2.4 to give only some people full access to some of the Cisco devices that have an AAA link to the same ISE server?
Regards
Kevin
03-12-2019 08:37 PM
03-13-2019 02:30 PM
Hello,
We are using TACACS only. We have one AAA system (Primary ISE and Secondary ISE) to manage about 5000 Cisco devices.
But some local Administrators want to have full access to their 10 Cisco devices.
I understand that I can group those 10 Cisco devices and create those local Administrators in a group.
But how do I create an Authorization Policy that only allows those local Administrators to control those 10 Cisco devices? I do not want them to access my other 4990 devices. Also, my accounting should work too.
Regards
Kevin
03-13-2019 08:13 PM
You just create your Location NDGs to accomplish what you want. The classic example is a worldwide company with global admins, regional admins (NA, LATAM, EMEA and APAC) and country-level admins. So your Location structure can look like this:
All Locations
    North America
    LATAM
        Brazil
    EMEA
        France
    APAC
Then you can write policy sets at the theater level. So let's say France and Brazil have country-level admins but the rest of the region doesn't:
Policy Set - LATAM (if Location starts with All Locations#LATAM)
Build out your policy set as granular as you want using location attributes.
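The policy-set layout described above, as an added example that is not part of the original replies: a simplified Python model (not ISE configuration) of first-match evaluation over Location NDG paths, showing that a country-level admin is permitted only on devices under their own node. The group names, the result labels and the evaluation rules stated in the comments are assumptions made for illustration.

```python
# Simplified model of ISE device-admin policy evaluation over Location NDG paths.
# Assumption: first matching policy set is selected, then its first matching rule wins;
# a selected set that matches no rule denies and never falls through to a later set.
SEP = "#"

def under(location, node):
    """True if location is node itself or a descendant of it in the NDG tree.
    Matching on node + SEP avoids a bare prefix test, which would also match
    a sibling whose name merely begins with the same text."""
    return location == node or location.startswith(node + SEP)

# (policy-set node, [(rule node, admin group, result), ...]), evaluated top-down.
# Group names and result labels are constructed for illustration.
POLICY_SETS = [
    ("All Locations#LATAM", [
        ("All Locations#LATAM#Brazil", "Brazil-Admins", "permit"),
        ("All Locations#LATAM", "LATAM-Admins", "permit"),
        ("All Locations#LATAM", "Global-Admins", "permit"),
    ]),
    ("All Locations#EMEA", [
        ("All Locations#EMEA#France", "France-Admins", "permit"),
        ("All Locations#EMEA", "EMEA-Admins", "permit"),
        ("All Locations#EMEA", "Global-Admins", "permit"),
    ]),
    ("All Locations", [("All Locations", "Global-Admins", "permit")]),
]

def authorize(device_location, user_groups):
    """Return 'permit' or 'deny' for an admin logging in to a device."""
    for set_node, rules in POLICY_SETS:
        if not under(device_location, set_node):
            continue
        for rule_node, group, result in rules:
            if under(device_location, rule_node) and group in user_groups:
                return result
        return "deny"  # default rule of the selected set
    return "deny"      # no policy set matched

if __name__ == "__main__":
    cases = [  # constructed sample logins
        ("All Locations#LATAM#Brazil", {"Brazil-Admins"}),
        ("All Locations#LATAM", {"Brazil-Admins"}),
        ("All Locations#EMEA#France", {"Brazil-Admins"}),
        ("All Locations#APAC", {"Global-Admins"}),
    ]
    for loc, groups in cases:
        print(loc, sorted(groups), authorize(loc, groups))
```

In this model the global admin group needs its own rule inside every regional policy set, because a device that selects the LATAM or EMEA set is never evaluated against the catch-all set below it.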