am trying to get around 900 cisco routers authenticated through Cisco
TACACS+ ,while doing this i added two clients and two users
corrosponding to them,i hav two issues
1# if there is a user and a group each needed for each client if we add them individually.(i.e. 900 users and groups) ?
#I plan to group all my devices ,so i plan to form a NDG,i have
prepared three shell command authorization sets and three users in
three separate groups,
each user has different commands execution
permission,can i use all three users on same NDG?(to acess all clients
in the NDG with different privileges.
Kindly let me know if i m thinking on right lines and Is there any other way to administer such large no. of clients.
If you want to filter based on user for certain aaa clients then best is to have user based restriction on user profile and if user and group both need access to same client then it will best to restrci on group only is enough and assign those users to the same group in which you have applied.
Better to use users based on privillage level on different aaa clients rather on common group.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...