Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Giving staff enable access to some devices but not others

Hi,

We have a working ACS 3.3 server and currently have TACACS+ configured on a few major switches. I have all of the network staff that need login/enable access to these switches in one ACS group called Netadmin. I now want to configure TACACS+ on a 6500 Firewall module so our firewall admin can do administration. I would like the firewall admin to only have login/enable access to the FWSM and not the switches. If I add the fw admin to the Netadmin group they will have access to everything, any ideas on how to solve this ?

Thanks

2 REPLIES

Re: Giving staff enable access to some devices but not others

Hello,

you need to create a new user group, say "FWadmin" and define the possibilities the FWadmin has. The device FWSM will then be included in the devices the netadmins are allowed to access and also the FWadmin is allowed to access.

Hope this helps! Please rate all posts.

Regards, Martin

Community Member

Re: Giving staff enable access to some devices but not others

Thanks for your reply, can you give me a hint on where within the group setup I would list the devices users of this group were allowed to log into ? Would I use NDG (Network Device Groups) ?

Thanks

148
Views
2
Helpful
2
Replies
CreatePlease to create content