ACS Server question


Hi all,

I need to allow access for all groups to a single test device. We have groups configured as such:

Router Group: Contains all Routers in corp

Switch Group: 1 per site contains local switches

User Groups: 1 per site + corp IT

Typically the LAN Admins for each site can only access the layer 2 switches.

The Network Engineers can access everything.

I need to allow everyone in the ACS server access to one device for testing SSH.

What is the easiest way of handling this?

Should I just create a new device group and then add that to each of the user groups' allowed devices?

Is there a way to create a "global" group that would have access to the single device?

darpotter Mon, 05/18/2009 - 23:59

I would suggest creating some Shared NARs for each group of devices - I assume these are already in NDGs. These should be permit IP filters.

In each ACS group you can map from NDG to Shared NAR, adding just those that are relevant. Anything not specifically listed would result in a deny.

