Hi,
If I understand this right, you have multiple users that can access the routers and switches right now but would like it so only 1 username has access?
If so, you could use NARs (network access restrictions) and deny access to everyone else but the one specific user.
Just select
1. Group Setup
2. Select the group which "already has" router switch access, edit the group settings
3. Then scroll down to the "per group defined network access restrictions". Enable it with a checkmark.
4. Select deny calling/point
5. AAA client = routers and switches (NDG)
6. Ports = *
7. Address = *
8. Hit enter and the new rule will be added to the window above.
9. Click submit (not submit and restart until you create the other NAR for the other group)
***Remember that groups that are mapped to an outside group (LDAP, AD) will be able to connect to your routers and switches UNLESS you tell the ACS not to. By default the ACS doesn't know not to let USER1 access the routers but not allow USER2.
That being said, you'll need to deny access to your routers and switches (network device group) to all groups that are not allowed to connect to those devices.
Click submit and restart, but remember this will stop authenticating users for the time it's restarting.
Hope this helps and feel free to ask any more questions.
Craig
Pls rate helpful posts.
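An added example, not part of the post above: a small audit of which groups still lack the blanket deny NAR (Ports = *, Address = *) for the "routers and switches" NDG. The group names, the tuple layout and the matching logic are assumptions made for illustration (a simplified model, not an ACS export format or ACS's own evaluation code).

```python
from fnmatch import fnmatchcase

# Constructed sample data: group name -> per-group NAR entries as entered in
# the steps above (action, AAA client / NDG, port, address). Not an ACS export.
NDG = "routers and switches"
GROUPS = {
    "NetAdmins":   [],                          # the one group meant to keep access
    "Helpdesk":    [("deny", NDG, "*", "*")],   # blanket deny as in steps 4-7
    "AD-Mapped":   [],                          # externally mapped group, no NAR yet
    "Contractors": [("deny", NDG, "23", "*")],  # deny covers a single port only
}
ALLOWED = {"NetAdmins"}


def nar_denies(nars, ndg, port, address):
    """True if any deny entry matches this NDG, port and address (wildcards allowed)."""
    return any(
        action == "deny"
        and client == ndg
        and fnmatchcase(port, port_pat)
        and fnmatchcase(address, addr_pat)
        for action, client, port_pat, addr_pat in nars
    )


def fully_blocked(nars, ndg):
    """True only if one deny entry covers every port and every address of the NDG."""
    return any(
        action == "deny" and client == ndg and port_pat == "*" and addr_pat == "*"
        for action, client, port_pat, addr_pat in nars
    )


def audit(groups, allowed, ndg):
    """Return groups that should be locked out but have no blanket deny for the NDG."""
    return sorted(
        name for name, nars in groups.items()
        if name not in allowed and not fully_blocked(nars, ndg)
    )


if __name__ == "__main__":
    for group in audit(GROUPS, ALLOWED, NDG):
        print(f"{group}: no deny NAR with Ports=* and Address=* for '{NDG}'")
    # A partial deny still leaves other ports reachable in this model.
    print("Contractors, port 22 denied:",
          nar_denies(GROUPS["Contractors"], NDG, "22", "10.0.0.1"))
```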