Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
Bronze

ACS Server question

Hi all,

I need to allow access for all groups to a single test device. We have groups configured as such:

Router Group: Contains all Routers in corp

Switch Group: 1 per site contains local switches

User Groups: 1 per site + corp IT

Typically the LAN Admins for each site can only access the layer 2 switches.

The Network Engineers can access everything.

I need to allow everyone in the ACS server access to one device for testing SSH.

What is the easiest way of handling this?

Should I just create a new device group and then add that to each of the user group's allowed devices?

Is there a way to create a "global" group that would have access to the single device?

1 REPLY
Silver

Re: ACS Server question

I would suggest creating some Shared NARs for each group of devices - I assume these are already in NDGs. These should be permit ip filters.

In each ACS group you can map from NDG to Shared NAR adding just those that a relevant. Anything not specifically listed would result in a deny.

131
Views
0
Helpful
1
Replies
CreatePlease to create content