are there any tac_plus users out there? I've set it up so that our routers and cisco VPN clients authenticate to a tacacs+ server. the problem is, just because they can vpn into the system doesn't necessarily mean that they should be able to log into the routers. is there a way to permit or deny access to specific devices on a per user basis?
Any help would be much appreciated.