ACS Device Groups Question

Answered Question
Aug 28th, 2007

Hi,

I have ACS setup with a device group that covers a large number of devices on my network and I apply rights to this as necessary.

But now I need to give a group of users access to a single device that is included within this group. I can't create a new device group to cover this single device as the address overlaps. Is there a way I do this without having to split up my existing device group into at least 3.

Correct Answer by rochopra about 9 years 6 months ago

Hi,


This can be achieved by using Network Access Restriction (NAR) in ACS.


By NAR you can Permit/deny access user/group based on Device/NDG/NAF.


Following link can give you more detail on it:


http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_white_paper09186a00801a8fd0.shtml


Note: if you don't get the option for NAR enable it from interface configuration.


~Rohit

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
rochopra Tue, 08/28/2007 - 08:37

Hi,


This can be achieved by using Network Access Restriction (NAR) in ACS.


By NAR you can Permit/deny access user/group based on Device/NDG/NAF.


Following link can give you more detail on it:


http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_white_paper09186a00801a8fd0.shtml


Note: if you don't get the option for NAR enable it from interface configuration.


~Rohit

Actions

This Discussion