can i use same AAA server in different NDG group for AAA clients?

Anand Narayana · ‎02-07-2007

Hi,

i am running, cisco ACS 4.1(90 days trail version), in that i have created a NDG, named as "EdgeSwitches", inside to that groupi hav added AAA clients as the switches ip address which ever i require, in that i can see AAA server, also named as "cisco-acs" & the ip address "10.1.1.1". now again i wanted to added a a different NDG named as "ServerSwitchs", i am adding the switches which ever is required to be in this group, now when i add AAA server & specify the same AAA server name as "cisco-acs" with the ip address "10.1.1.1"

, i get the error "Host Already Exists" then if i change the name as cisco-acs as cisco-acs1, i get "An overlapping IP range has been detected 10.203.1.92 conflicts with cisco-acs entry of 10.1.1.1"

, how do i over come with this? because i am planning in such a way that some set of users should access EdgeSwitches" & some of users should access "ServerSwitches" with the privilege levels as per my requirement.

andreas.larsen · ‎02-07-2007

Create usergroups. And assigned the user that you want to have access for ServerSwitches to the group ServerSwitches and the group Edgeswitches for the group Edgeswitches etc. Then you can assign privileges per NDG in the group section. Or you can assign privileges per user also if you like.