08-01-2013 07:15 AM - edited 03-11-2019 07:20 PM
Hi All,
1> Created two NT groups in Windows
VPNusers
Networkusers
2> Created two groups in ACS such as
Routernetworkadmin
switch networkadmin.
3> Mapped vpnusers with routernetworkadmin
mapped networkusers with switchnetworkadmin
4> Created two NDG
Coredevices
L2devices
In coredevices added AAA clients such as router, firewall, switch
in L2devices added only switch
5> Created two NAR
superadmin
subadmin
under superadmin added NDG coredevices
under subadmin added NDG L2devices.
6> Finally created two users, say x and y
user x is added under the group routeradmin group
user y is added under the group switch networkadmin
Requirement is user x should access only devices mentioned under routeradmin group
and user y should access only devices mentioned under switch networkadmin group.
Does the above config work?
08-06-2013 02:02 AM
Hi,
If the NAR is configured correctly under the correct group, the above scenario should work.
From under the user group you need to select the NAR which decides what devices this group members can access.
HTH
Amjad
Rating useful replies is more useful than saying "Thank you"
08-06-2013 02:54 AM
Thanks
Will update once done with config
08-11-2013 05:37 AM
Hi Amjad ,
The above mentioned config is working.
Now I need the subadmin NAR to view only the following commands,
such as show ip route,
show ip interface brief,
show version.
Can you guide me?
08-12-2013 03:23 PM
This is a different story.
To restrict commands you need to define command authorization sets.
This config example can be useful for how to define command authorization sets on ACS 4.x.
HTH
Amjad
08-13-2013 03:46 AM
Thanks for doc.
Can you just provide some additional links?
08-13-2013 06:34 AM
Hi Amjad
Below are the steps I have configured.
When I execute the command show version
I am getting an error: command authorization failed. Please help.
08-19-2013 07:26 AM
Hi Amjad,
Waiting for your suggestions.