cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
511
Views
0
Helpful
2
Replies

NDG Application in TACACS+

cisco.anubhav
Level 1
Level 1

hi,

i am trying to get around 900 cisco routers authenticated through Cisco TACACS+ ,while doing this i added two clients and two users corrosponding to them,i hav two issues

1# if there is a user and a group each needed for each client if we add them individually.(i.e. 900 users and groups) ?

2 #I plan to group all my devices ,so i plan to form a NDG,i have prepared three shell command authorization sets and three users in three separate groups,

each user has different commands execution permission,can i use all three users on same NDG?(to acess all clients in the NDG with different privileges.

Kindly let me know if i m thinking on right lines and Is there any other way to administer such large no. of clients.

Kindly help,

Thanks.

2 Replies 2

Ganesh Hariharan
VIP Alumni
VIP Alumni

hi,

i am trying to get around 900 cisco routers authenticated through Cisco TACACS+ ,while doing this i added two clients and two users corrosponding to them,i hav two issues

1# if there is a user and a group each needed for each client if we add them individually.(i.e. 900 users and groups) ?

2 #I plan to group all my devices ,so i plan to form a NDG,i have prepared three shell command authorization sets and three users in three separate groups,

each user has different commands execution permission,can i use all three users on same NDG?(to acess all clients in the NDG with different privileges.

Kindly let me know if i m thinking on right lines and Is there any other way to administer such large no. of clients.

Kindly help,

Thanks.

Hi Anu,

If you want to filter based on user for certain aaa clients then best is to have user based restriction on user profile and if user and group both need access to same client then it will best to restrci on group only is enough and assign those users to the same group in which you have applied.

Better to use users based on privillage level on different aaa clients rather on common group.

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

could not find the solution for desired issue.kindly help

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: