We currently have a rule in Extreme Control that allows SSH access to members of an Active Directory group and another rule that prevents SSH access from anyone else. What I am now trying to do is create a third rule that will let Active Directory accounts of two users SSH to two specific switches (and only those two switches). Is that possible?
This should be possible. Use a rule with a Location group, with the Location group specifying the two specific switches by IP, as well as perhaps a User Group -> LDAP User Group style lookup to either match on a memberOf group specific to those two users only, or you can actually do a sAMAccountName=<user1> or sAMAccountName=<user2> attribute matching ANY to accomplish the same goal. The rest of the users would fall through to your SSH block rule.
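A simplified model of the rule order described in the answer above, as an added example that is not part of the original thread and is not Extreme Control's own code. It assumes rules are evaluated top-down with the first match winning and that a rule's user and location criteria must both match; the switch IPs, account names and group DN are constructed placeholders.

```python
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed sample values (assumptions, not from the original post).
TARGET_SWITCHES = {"192.0.2.11", "192.0.2.12"}  # Location group: the two switches by IP
SCOPED_USERS = {"user1", "user2"}               # sAMAccountName values, matching ANY
ADMIN_GROUP = "CN=Switch-Admins,OU=Groups,DC=example,DC=com"  # hypothetical memberOf DN

@dataclass
class Request:
    sam_account_name: str
    member_of: frozenset
    switch_ip: str

@dataclass
class Rule:
    name: str
    user_match: Optional[Callable[[Request], bool]]      # None means any user
    location_match: Optional[Callable[[Request], bool]]  # None means any location
    action: str

    def matches(self, req: Request) -> bool:
        # Every configured criterion must match (logical AND).
        return all(m(req) for m in (self.user_match, self.location_match) if m)

# Rule order matters: the scoped rule must sit above the catch-all block rule.
RULES = [
    Rule("SSH admins", lambda r: ADMIN_GROUP in r.member_of, None, "allow"),
    Rule("SSH two users, two switches",
         # sAMAccountName comparison in Active Directory is case-insensitive.
         lambda r: r.sam_account_name.lower() in SCOPED_USERS,
         lambda r: r.switch_ip in TARGET_SWITCHES,
         "allow"),
    Rule("SSH block", None, None, "deny"),
]

def evaluate(req: Request, rules=RULES):
    """Return (rule name, action) for the first rule that matches."""
    for rule in rules:
        if rule.matches(req):
            return rule.name, rule.action
    return "implicit", "deny"
```

The case worth checking after deployment is one of the two scoped accounts against a switch outside the Location group: it should land on the block rule, not the new allow rule.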