We are starting a project to use CPPM for AAA/TACACS to Cisco Switches/Routers. We have the basics already working but want to ask the community about what is the best way to implement when you have multiple business units (about 12) with different authorzation requirements.
We plan to use Active Directory as the Authentication/Authorization source with multiple AD Admin groups.
We will have to create Network Device Groups as these switches/routers are in different network for each business units.
Do we have to create multiple TACACS services for each business unit?
Any help is appreciated.