cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
467
Views
2
Helpful
2
Replies

Giving staff enable access to some devices but not others

KENT EITZMANN
Level 1
Level 1

Hi,

We have a working ACS 3.3 server and currently have TACACS+ configured on a few major switches. I have all of the network staff that need login/enable access to these switches in one ACS group called Netadmin. I now want to configure TACACS+ on a 6500 Firewall module so our firewall admin can do administration. I would like the firewall admin to only have login/enable access to the FWSM and not the switches. If I add the fw admin to the Netadmin group they will have access to everything, any ideas on how to solve this ?

Thanks

2 Replies 2

mheusinger
Level 10
Level 10

Hello,

you need to create a new user group, say "FWadmin" and define the possibilities the FWadmin has. The device FWSM will then be included in the devices the netadmins are allowed to access and also the FWadmin is allowed to access.

Hope this helps! Please rate all posts.

Regards, Martin

Thanks for your reply, can you give me a hint on where within the group setup I would list the devices users of this group were allowed to log into ? Would I use NDG (Network Device Groups) ?

Thanks

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: