Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Restricting Access to Group

Hello

I have ACS 4.0 authentication through external database Windows Active Directory. I want only support group created on ACS to have access rights to AAA client [Routers,Firewall,Switches] for telnet & SSH all members of other group should be denied.

Groups are created.

AAA members are added to ACS

but restricting to specific group not working

1 REPLY
Silver

Re: Restricting Access to Group

Assuming you've confirmed that T+ authentications are actually been sent to your ACS, then it should be just a case of adding Windows group mappings:

Support -> ACS Support Group

Default -> NO ACCESS

Group mapping is applied after AD authentication, so even if correct credentials are supplied the user will be mapped to NO ACCESS (ie rejected) if they are not a member of the correct AD group.

148
Views
0
Helpful
1
Replies