ACS Server question


Hi all,


I need to allow access for all groups to a single test device. We have groups configured as such:


Router Group: Contains all Routers in corp


Switch Group: 1 per site contains local switches


User Groups: 1 per site + corp IT


Typically the LAN Admins for each site can only access the layer 2 switches.

The Network Engineers can access everything.


I need to allow everyone in the ACS server access to one device for testing SSH.


What is the easiest way of handling this?


Should I just create a new device group and then add that to each of the user group's allowed devices?


Is there a way to create a "global" group that would have access to the single device?

darpotter Mon, 05/18/2009 - 23:59

I would suggest creating some Shared NARs for each group of devices - I assume these are already in NDGs. These should be permit ip filters.


In each ACS group you can map from NDG to Shared NAR, adding just those that are relevant. Anything not specifically listed would result in a deny.



