Restricting Access to Group

Nov 9th, 2009


I have ACS 4.0 authentication through an external database, Windows Active Directory. I want only the support group created on ACS to have access rights to the AAA clients [routers, firewalls, switches] for Telnet & SSH; all members of other groups should be denied.

Groups are created.

AAA members are added to ACS

But restricting to the specific group is not working.

darpotter Tue, 11/10/2009 - 01:30

Assuming you've confirmed that T+ authentications are actually being sent to your ACS, then it should be just a case of adding Windows group mappings:

Support -> ACS Support Group

Default -> NO ACCESS

Group mapping is applied after AD authentication, so even if correct credentials are supplied, the user will be mapped to NO ACCESS (i.e. rejected) if they are not a member of the correct AD group.

