We have an ACS Appliance integrated with MS AD, and users are authenticated successfully.
Our requirement is this: we have 3 departments with 20 edge switches each. I have created 3 Network Device Groups (NDG) for each department in ACS with 20 switches each.
Now, if I create a user, he can log on to all 3 departments' edge switches, since they are under the same ACS.
I want a particular user to authenticate only to his associated department's NDG.
Hope my question is clear. Please pass on your comments.
Thanks a lot,

Using Network Access Restrictions (NAR) will work in this scenario. The best approach will be to create separate user groups for each department, then enable shared NAR in the group properties and select the appropriate department NDGs in order to restrict access for these groups of users.
For example: the Dept A user group will be denied access to the NDGs of Dept B and C as selected, and in a similar way NAR can be applied to the rest of the user groups.
Hope this helps