Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Best way to seperate devices using ACS

We have 350 +/- devices attached to our ACS. The devices comprise approximately 65 remote locations. Currently all devices are in one NDG. We have 3 network engineers that will need access to all devices. Each remote site with network devices has 1 tech support person that needs read only access to their network devices only.

I have figured out how to give them read only access, but I am not sure about the best way to limit their access to the devices they should have and not the rest of the devices on the network.

i.e network engineers need access to all devices, user 1 needs access ONLY to device A B & C, User 2 needs access to devices D, E, & F.

Thanks in advance for suggestions


Re: Best way to seperate devices using ACS

For this you need to set up a feature called network access restriction (NAR)

Please see this link,



Do rate helpful posts

New Member

Re: Best way to seperate devices using ACS


For that you have to create NDG Groups first Sitewise.

To Enable to NDG Group Setup

Goto>>>>>>>>Interface Configuration>..

Under that click on the "Advanced Options"

check the box :Network Device Groups

Now click on the "Network Configuration" tab

If you click the Add entry:

You can find the difference like it will promt you to

Network Device Group Name :

Shared Secret :

Give the Network Device Group Name as your Remote Site.

Add the Network Device under the site your are added