https://community.cisco.com/t5/network-access-control/group-connection-between-cisco-switch-and-acs-server/m-p/1128747#M364628 <HTML><HEAD></HEAD><BODY><P>Ceriel-</P><P></P><P>Check this link, it might help you out.</P><P></P><P><A class="jive-link-custom" href="http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&amp;forum=Security&amp;topic=AAA&amp;topicID=.ee6e1fe&amp;fromOutline=&amp;CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cc25eb6" target="_blank">http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&amp;forum=Security&amp;topic=AAA&amp;topicID=.ee6e1fe&amp;fromOutline=&amp;CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cc25eb6</A></P></BODY></HTML> Mon, 24 Nov 2008 14:29:32 GMT Collin Clark 2008-11-24T14:29:32Z https://community.cisco.com/t5/network-access-control/group-connection-between-cisco-switch-and-acs-server/m-p/1128746#M364618 <P>Hello,</P><P></P><P>My name is Ceriel Roland and I have a small problem:</P><P></P><P>We are using Cisco 3560 Switches with 12.2(44)SE2 IOS.</P><P>These switches are dot1x enabled with the ACS server.</P><P></P><P>Computers are authenticated trough certificates and it all works fine.</P><P></P><P>We also want to enable login with ACS server, but we dont want all users to have access.</P><P>Only the group AD_Admins needs to have access.</P><P></P><P>I created the group and added users.</P><P></P><P>On the switch I entered the command:</P><P></P><P>aaa authentication login AD_Admins local group radius</P><P></P><P>But the users cant login to the switch.</P><P></P><P>If i change the command to:</P><P></P><P>aaa authentication login default local group radius</P><P></P><P>Then users can login, but ALL users can login and i only want AD_Admins to be able to login.</P><P></P><P>How can i set this up for it to work?</P><P></P><P>Greetings,</P><P>Ceriel Roland</P> Sun, 10 Mar 2019 23:12:18 GMT https://community.cisco.com/t5/network-access-control/group-connection-between-cisco-switch-and-acs-server/m-p/1128746#M364618 CerielRoland 2019-03-10T23:12:18Z https://community.cisco.com/t5/network-access-control/group-connection-between-cisco-switch-and-acs-server/m-p/1128747#M364628 <HTML><HEAD></HEAD><BODY><P>Ceriel-</P><P></P><P>Check this link, it might help you out.</P><P></P><P><A class="jive-link-custom" href="http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&amp;forum=Security&amp;topic=AAA&amp;topicID=.ee6e1fe&amp;fromOutline=&amp;CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cc25eb6" target="_blank">http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&amp;forum=Security&amp;topic=AAA&amp;topicID=.ee6e1fe&amp;fromOutline=&amp;CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cc25eb6</A></P></BODY></HTML> Mon, 24 Nov 2008 14:29:32 GMT https://community.cisco.com/t5/network-access-control/group-connection-between-cisco-switch-and-acs-server/m-p/1128747#M364628 Collin Clark 2008-11-24T14:29:32Z https://community.cisco.com/t5/network-access-control/group-connection-between-cisco-switch-and-acs-server/m-p/1128748#M364635 <HTML><HEAD></HEAD><BODY><P>Hi Collin,</P><P></P><P>I tried it but the problem is that the ACS server also allows clients to authenticate trough dot1x.</P><P></P><P>If i adjust that setting, the users cant use the network anymore.</P><P></P><P>I also tried to achieve it trough Network Access Profiles to allow clients to communicate trough Radius and allow users to login with TACACS, but i cant define TACACS access in the NAP's.</P><P></P><P>Greetings,</P><P></P><P>Ceriel</P></BODY></HTML> Mon, 24 Nov 2008 14:46:02 GMT https://community.cisco.com/t5/network-access-control/group-connection-between-cisco-switch-and-acs-server/m-p/1128748#M364635 CerielRoland 2008-11-24T14:46:02Z