07-26-2004 08:25 PM - edited 03-10-2019 07:55 AM
Hi,
I am trying to find a solution, for the following design,
We have over 250 Nortel Switches(Baystack 460).
Authetication works fine with ACS 3.2 Using Radius.
Now I want to do the following,
* I have 2 ADMIN groups
ADMINGP1: To manage 100 Switches with Admin Rights
and the remaing 150 switches as Read-only rights.
ADMINGP2: To Manage 150( 250 minus 100) Switches as Admin and the above mentioned 100 switches as read-only.
How can i do that, Since in the Groups/Radius settings of ACS, if i set Service-type=administraive, it gives admin rights to the users in this groups to all 250 switches.
Is there a work around of grouping RADIUS devices a assigning rights to the groups?
Any inputs.
Thanks and Regards,
FG
08-03-2004 11:39 PM
Any update on this?
08-04-2004 01:57 AM
Hi,
Nope, no updates.
But the possible solution to this would be,
* To groups the RADIUS Devices i.e Network Devices group (Which is possible in ACS)
* Apply RADIUS attributes on the User groups based on the NDG.(Which I understand is not possible in ACS)
Example,
For ADMINGP1 apply service type=administarive on NDG-Group1
For ADMINGP2 apply service type=NAS Prompt on NDG-Group1
and vice versa on Group2
I don't think the above can be implemented on ACS3.2,
But if the above solution is possible, could someone throw some light on it.
Thanks and Regards,
FG
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide