AAA - ACS - Users authenticate to different NDGs

Answered Question
Apr 28th, 2009

Hi...

We have an ACS Appliance integrated with MS AD and users are authenticated successfully.

Our Requirement is that, we have 3 Departments with 20 Edge Switches each. I have created 3 Network Device Groups (NDG) for each department in ACS with 20 Switches each.

Now, if I create a user, he can log on to all 3 departments' Edge switches, since they are under the same ACS.

I want a particular user to authenticate only to his associated department's NDG.

Hope my Question is clear.. Please pass your comments.

Thanks a lot,

Jafar

Overall Rating: 5 (2 ratings)
Correct Answer
sahmedshahcsd Tue, 04/28/2009 - 02:18

Using Network Access Restrictions (NAR) will work in this scenario. The best approach will be creating separate user groups for each department, then enabling shared NAR in the group properties and selecting the appropriate department NDGs in order to restrict access for these groups of users.

For example: the Dept A user group will be denied access to the NDGs of Dept B and C as selected, and in a similar way NAR can be applied to the rest of the user groups.

Hope this helps

Ahmed
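
The following is an added example, not part of the original thread and not ACS code: a simplified Python model of the per-group NAR scheme described in the answer, with an audit that lists any group able to reach a switch outside its own department's NDG. All device, NDG and group names are constructed, and the permit-list mode on one group is an assumption of this sketch, included to compare how each style behaves when a new NDG is added.

```python
# Simplified model of group-level NAR evaluation (illustrative, not ACS code).
# All device, NDG and group names are constructed sample data.

NDG_OF_DEVICE = {
    "sw-a-01": "NDG-DeptA",
    "sw-b-01": "NDG-DeptB",
    "sw-c-01": "NDG-DeptC",
}

# The NDG each department's user group is supposed to be confined to.
HOME_NDG = {
    "DeptA-Users": "NDG-DeptA",
    "DeptB-Users": "NDG-DeptB",
    "DeptC-Users": "NDG-DeptC",
}

# mode "deny": listed NDGs are refused, everything else is allowed.
# mode "permit": only listed NDGs are allowed (assumed here for comparison).
GROUP_NAR = {
    "DeptA-Users": {"mode": "deny", "ndgs": {"NDG-DeptB", "NDG-DeptC"}},
    "DeptB-Users": {"mode": "deny", "ndgs": {"NDG-DeptA", "NDG-DeptC"}},
    "DeptC-Users": {"mode": "permit", "ndgs": {"NDG-DeptC"}},
}


def nar_allows(group, device, ndg_of_device=NDG_OF_DEVICE):
    """Return True if the group's NAR lets its users log on to the device."""
    nar = GROUP_NAR.get(group)
    if nar is None:
        # No NAR on the group: a successful AD login reaches every NDG,
        # which is the situation described in the question.
        return True
    listed = ndg_of_device[device] in nar["ndgs"]
    return listed if nar["mode"] == "permit" else not listed


def audit(ndg_of_device=NDG_OF_DEVICE):
    """List (group, device) pairs where a group reaches a foreign NDG."""
    return sorted(
        (group, device)
        for group, home in HOME_NDG.items()
        for device, ndg in ndg_of_device.items()
        if ndg != home and nar_allows(group, device, ndg_of_device)
    )


if __name__ == "__main__":
    print("current layout:", audit())
    # A fourth department is added later without updating any NAR.
    grown = dict(NDG_OF_DEVICE, **{"sw-d-01": "NDG-DeptD"})
    print("after adding NDG-DeptD:", audit(grown))
```

In this model the deny-list groups gain access to the new NDG until their NARs are updated, while the permit-list group does not, so the audit is worth re-running whenever an NDG is created.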

jafarsadiq Thu, 04/30/2009 - 00:28

Hi Ahmed,

Thanks a lot.. I did some research on NAR and made it work...

Thanks

Jafar
