Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

AAA - ACS - Users authenticate to different NDGs

Hi...

We have a ACS Appliance integrated with MS AD and users are authenticated successfully.

Our Requirement is that, we have 3 Departments with 20 Edge Switches each. I have created 3 Network Device Groups (NDG) for each department in ACS with 20 Switches each.

Now, if i create a user, he can log onto all the 3 department's Edge switch, since it is under the same ACS.

I want a particular user to authenticate only to his associated department's NDG.

Hope my Question is clear.. Please pass your comments.

thanks a lot,

Jafar

1 ACCEPTED SOLUTION

Accepted Solutions
Community Member

Re: AAA - ACS - Users authenticate to different NDGs

Using Network Access Restrictions (NAR) will work in this scenario. Best approach will be creating separate user groups for each department and then enable shared NAR in group properties and select appropriate department NDG's in order to restrict the access for these group of users.

For Example: Dept A user group will be denied access to NDG of Dept B and C as selected and in the similar way NAR can be applied on rest of the user groups.

Hope this helps

Ahmed

3 REPLIES
Community Member

Re: AAA - ACS - Users authenticate to different NDGs

Using Network Access Restrictions (NAR) will work in this scenario. Best approach will be creating separate user groups for each department and then enable shared NAR in group properties and select appropriate department NDG's in order to restrict the access for these group of users.

For Example: Dept A user group will be denied access to NDG of Dept B and C as selected and in the similar way NAR can be applied on rest of the user groups.

Hope this helps

Ahmed

Re: AAA - ACS - Users authenticate to different NDGs

You can set it up using NAR in ACS.

http://cisco.com/en/US/products/sw/secursw/ps2086/products_tech_note09186a0080858d3c.shtml

Regards,

~JG

Do rate helpful posts

Community Member

Re: AAA - ACS - Users authenticate to different NDGs

Hi Ahmed,

Thanks a lot.. I did a research on NAR and made it work...

Thanks

Jafar

162
Views
5
Helpful
3
Replies
CreatePlease to create content