4 Replies. Latest reply: May 3, 2012 3:34 AM by Daniel

    RADIUS authentication vs Active Directory/LDAP restrict user access?




      This question is probably off topic regarding Cisco, but is there a way to restrict which users have access to which switches globally?

      I mean that in most configurations I see, *all* admins are put in the same AD group and have their usernames/passwords authenticated against AD, with the same privileges.


      Is there an easier way to restrict access down even further, so that the users in the AD group can authenticate and log in to the switch, but then filter the different "views" they have access to globally? I've seen this at some of the bigger ISPs, but they use stand-alone software to accomplish this. Is it possible to have global administration of the views and at the same time authenticate through AD/LDAP?


      I have done extensive research on the topic but found no good information. Basically I just want RADIUS/AD authentication and access views to be administered globally instead of per device... the authentication is the easy part.


      Any ideas are greatly appreciated!