08-06-2003 10:08 AM - edited 02-21-2020 10:07 AM
I have an issue.
We have 2 groups which are created in ACS, Group 1: Tacacs Access, and Group 2: Radius Access. The 1st group has individuals that have been created on the ACS server itself. The 2nd group is dynamic users who are being enabled access through User Manager for Domains. We do not want the 2nd group to be able to access our routers and switches with their Microsoft Accounts, which they currently can, at least as far as the enable prompt. I would like to have the 2 groups be totally independent of one another. Our 1st group is only used for our administrators to access all our network devices.
I am sure that some type of filtering or allowing of a certain group of IP addresses could be implemented on the ACS, but I am unsure where, if this is the case.
Can someone please help!
Thank You!
Matt
08-06-2003 10:43 PM
You need to set up Network Access Restrictions (NAR), restricting Group 2 to not be able to access the routers/switches.
Make sure Group-Level NAR is checked under Interface Config - Advanced Options. Then go under Group 2, to the NAR section, check the "Define IP-based access restrictions" box, select Table defines "Denied calling points", then select each of the routers/switches, using an * for Port and Address and add them to the table.
This will deny anyone in Group 2 from authenticating to any of the routers/switches.
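Added example, not part of the original posts and not ACS code: a simplified Python model of the group-level "Denied calling points" table described in the answer above, plus a check for devices that were never added to the table. The device names, port and address values are constructed sample data, and the matching logic is an assumption about how wildcard entries behave.

```python
from fnmatch import fnmatchcase

# Constructed sample inventory of AAA clients that are routers/switches.
ROUTERS_AND_SWITCHES = ["core-rtr-1", "dist-sw-1", "access-sw-7"]

# Simplified model of per-group IP-based NAR. Each table entry is
# (AAA client, port, address); "*" matches any value.
GROUP_NAR = {
    # Group 1 (administrators): no NAR defined, so nothing is restricted.
    "Tacacs Access": None,
    # Group 2: table defines "Denied calling points", one row per device,
    # with * for Port and Address as in the answer.
    "Radius Access": {
        "mode": "deny",
        "entries": [(dev, "*", "*") for dev in ROUTERS_AND_SWITCHES],
    },
}


def entry_matches(entry, aaa_client, port, address):
    """True when all three fields of the request match the table entry."""
    request = (aaa_client, port, address)
    return all(fnmatchcase(value, pattern)
               for pattern, value in zip(entry, request))


def nar_allows(group, aaa_client, port, address):
    """Decide whether the group's NAR lets this request proceed."""
    nar = GROUP_NAR[group]          # unknown group raises KeyError
    if nar is None:
        return True
    hit = any(entry_matches(e, aaa_client, port, address)
              for e in nar["entries"])
    # A deny table blocks on a match; a permit table blocks on a miss.
    return not hit if nar["mode"] == "deny" else hit


def uncovered_devices(group, inventory):
    """Devices in the inventory that the group can still authenticate to.

    With a deny table, any router or switch that was not added as a row
    stays reachable for the group, so this list should be empty.
    """
    return [dev for dev in inventory if nar_allows(group, dev, "tty1", "10.0.0.5")]


if __name__ == "__main__":
    # "new-sw-9" is a constructed device that was never added to the table.
    print(uncovered_devices("Radius Access", ROUTERS_AND_SWITCHES + ["new-sw-9"]))
```

Because the table is a deny list, each new router or switch has to be added to Group 2's table when it is added as an AAA client.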
08-07-2003 01:47 AM
Thanks for your expertise!
The solution you recommended worked great!
I appreciate your assistance, good luck in your endeavors!