I need your help. I have to configure the ACS Server so that the network administrators can use their windows/Domain accounts to login to the network switches and routers. I have created 2 groups, one is the general and the other one is for network administrators. The problem is that, when I have created the accounts on the ACS server, it works fine. Like the network admin group is able to login to the switches while the other group users are not able to login to the switches. When I try to use the windows accounts that I have mapped to the groups, the network admin and other general group users both are able to login to the switches. Tell me how I can configure the policy to restrict the general group users (especially windows one) to not login to the switches. All other settings for both groups are by default. The general group has the following policy.
Per Group Defined Network Access Restrictions; Denied access to all AAA clients.
Please tell me the way to configure such thing.