cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
524
Views
5
Helpful
3
Replies

AAA - ACS - Users authenticate to different NDGs

jafarsadiq
Level 1
Level 1

Hi...

We have a ACS Appliance integrated with MS AD and users are authenticated successfully.

Our Requirement is that, we have 3 Departments with 20 Edge Switches each. I have created 3 Network Device Groups (NDG) for each department in ACS with 20 Switches each.

Now, if i create a user, he can log onto all the 3 department's Edge switch, since it is under the same ACS.

I want a particular user to authenticate only to his associated department's NDG.

Hope my Question is clear.. Please pass your comments.

thanks a lot,

Jafar

1 Accepted Solution

Accepted Solutions

sahmedshahcsd
Level 1
Level 1

Using Network Access Restrictions (NAR) will work in this scenario. Best approach will be creating separate user groups for each department and then enable shared NAR in group properties and select appropriate department NDG's in order to restrict the access for these group of users.

For Example: Dept A user group will be denied access to NDG of Dept B and C as selected and in the similar way NAR can be applied on rest of the user groups.

Hope this helps

Ahmed

View solution in original post

3 Replies 3

sahmedshahcsd
Level 1
Level 1

Using Network Access Restrictions (NAR) will work in this scenario. Best approach will be creating separate user groups for each department and then enable shared NAR in group properties and select appropriate department NDG's in order to restrict the access for these group of users.

For Example: Dept A user group will be denied access to NDG of Dept B and C as selected and in the similar way NAR can be applied on rest of the user groups.

Hope this helps

Ahmed

Hi Ahmed,

Thanks a lot.. I did a research on NAR and made it work...

Thanks

Jafar

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: