Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1105
Views
5
Helpful
2
Replies

Restricting Access to a Group to Certain Devices Not in a NDG

gerardwest
Level 1
Level 1

‎04-27-2004 12:57 PM - edited ‎03-10-2019 07:46 AM

I'm trying to setup our ACS servers so that users assigned to a certain group can access certain routers from anyway. These routers, approx. 10, are in different NDGs. Can I list these routers in the group's settings as the only routers member in this group can access?

Labels:
0 Helpful
2 Replies 2

gfullage
Cisco Employee
Cisco Employee

‎04-27-2004 03:52 PM

Sure, you'll just have to add them in one-by-one if they're not all in one NDG, but that's fine.

In the group, under the Network Access Restrictions section, under Per Group Defined Network Access Restrictions check the Define IP-based restrictions box. Table defines the Permitted calling points, then in the table below that add in each router one-by-one, use * for Port and Address. Submit and Restart and off you go, users in this group will only be able to authenticate to the devices you've added to the table.

gerardwest
Level 1
Level 1
In response to gfullage

‎04-28-2004 11:25 AM

When I first tried this I was entering a port number and ip addr. With the * in both fields the access works as I need it to. Many thanks!!!

0 Helpful
Customers Also Viewed These Support Documents