I'm running ACS5.0 and I want to take 10 users and give them specific show command capability to 4 specific switches without affecting any other policy that I have in place presently and not let them view any other device in the network...
There are a couple of different ways you can accomplish this. You can put those 4 specific devices in an NDG, then as part of your authorization rule only allow those 10 users to access that NDG. On your rules page you can use the customize button on the bottom right of the rules page to add NDG:Device Type or NDG:Device Location or other NDG to your page. Alternatively, you could also use a compound condition rule and check for NDG and group mapping. You will probably have to create a second rule to deny those users from the rest of your devices.