Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

setting access for one user


Our client has ACS server and implemented AAA fro logging into switches and routers through ACS which is being cofigured RADIUS . They are telnet into rotuers and switches from any user but they are want to setting access from only one user . Can someone plz tell me what can i do to solve yhis problem ?

New Member

Re: setting access for one user


If I understand this right, you have multiple users that can access the routers and switches right now but would like it so only 1 username has access?

If so, you could use NARS (network access restrictions) and deny access to everyone else but the one specific user.

Just select

1.Group Setup

2.Select the group which "already has" router switch access, edit the group settings

3.Then scroll down to the "per group defined network access restrictions" Enable it with a checkmark.

4. Select deny calling/point

5. AAA client = routers and switches (NDG)

6. Ports = *

7. Address = *

8. Hit enter and the new rule will be added to the window above.

9. Click submit (not submit and restart until you create the other NAR for the other group)

***Remember that groups that are mapped to and outside group (ldap, AD) will be able to connect to your routers and switches UNLESS to tell the ACS not to. By default the ACS doesn't know not to let USER1 access the routers but not allow USER2.

That being said, you'll need to deny access to your routers and switches (network device group) to all groups that are not allowed to connect to those devices.

Click submit and restart but remember this will stop authenticating users for the time its restarting.

Hope this helps and feel free to ask anymore questions.


Pls rate helpful posts.

CreatePlease login to create content