https://community.cisco.com/t5/network-access-control/acs-5-1-authorization-policy-matching-identity-groups/m-p/1473383#M387416 <P>Hi Has anyone managed to get an Auth Policy within an Access Service to match devices based on Identity Group Membership?</P><P></P><P>My Auth Rule looks like this but doesn't ever got hit???</P><P></P><P></P><P><IMG src="https://community.cisco.com/" /><IMG src="https://community.cisco.com/legacyfs/online/legacy/5/4/1/4145-Auth%20rule.JPG" alt="Auth rule.JPG" class="jive-image-thumbnail jive-image" onclick="" width="450" /></P> Mon, 11 Mar 2019 00:08:16 GMT rhodrijenkins 2019-03-11T00:08:16Z https://community.cisco.com/t5/network-access-control/acs-5-1-authorization-policy-matching-identity-groups/m-p/1473383#M387416 <P>Hi Has anyone managed to get an Auth Policy within an Access Service to match devices based on Identity Group Membership?</P><P></P><P>My Auth Rule looks like this but doesn't ever got hit???</P><P></P><P></P><P><IMG src="https://community.cisco.com/" /><IMG src="https://community.cisco.com/legacyfs/online/legacy/5/4/1/4145-Auth%20rule.JPG" alt="Auth rule.JPG" class="jive-image-thumbnail jive-image" onclick="" width="450" /></P> Mon, 11 Mar 2019 00:08:16 GMT https://community.cisco.com/t5/network-access-control/acs-5-1-authorization-policy-matching-identity-groups/m-p/1473383#M387416 rhodrijenkins 2019-03-11T00:08:16Z https://community.cisco.com/t5/network-access-control/acs-5-1-authorization-policy-matching-identity-groups/m-p/1473384#M387452 <HTML><HEAD></HEAD><BODY><P><SPAN style="color: #333333;">Hi,</SPAN></P><P></P><P><SPAN style="color: #800000;">When you say devices based on identity group membership, do you mean external groups because I could see that you have selected AD in your compound condition. Looks like you have added this attribute inside the Active directory &gt; directory attributes.</SPAN></P><P><SPAN style="color: #800000;"><BR /></SPAN></P><P><SPAN style="color: #800000;">If this is for ACS internal groups then we may try some more stuff</SPAN></P><P><SPAN style="color: #800000;"><BR /></SPAN></P><P><SPAN style="color: #800000;">Regds,</SPAN></P><P><SPAN style="color: #800000;">JK</SPAN></P><P><SPAN style="color: #800000;"><BR /></SPAN></P><P><SPAN style="color: #800000;">Do rate helpful posts-</SPAN></P></BODY></HTML> Fri, 14 May 2010 22:43:36 GMT https://community.cisco.com/t5/network-access-control/acs-5-1-authorization-policy-matching-identity-groups/m-p/1473384#M387452 Jatin Katyal 2010-05-14T22:43:36Z https://community.cisco.com/t5/network-access-control/acs-5-1-authorization-policy-matching-identity-groups/m-p/1473385#M387522 <HTML><HEAD></HEAD><BODY><P>Hi JK,</P><P>This is using internal groups. The compound condition I'm using matches <STRONG>System:IdentityGroup in All Groups:IPPhones</STRONG>. Then the phone in question is a member of the ID group IPPhones. I've also tried setting the compound condition to <STRONG>Internal Users:UserIdentityGroup in All Groups:IPPhones</STRONG> but still to no avail.</P><P></P><P>Thanks</P><P>Rhodri</P></BODY></HTML> Mon, 17 May 2010 08:39:47 GMT https://community.cisco.com/t5/network-access-control/acs-5-1-authorization-policy-matching-identity-groups/m-p/1473385#M387522 rhodrijenkins 2010-05-17T08:39:47Z https://community.cisco.com/t5/network-access-control/acs-5-1-authorization-policy-matching-identity-groups/m-p/1473386#M387575 <HTML><HEAD></HEAD><BODY><P><IMG src="https://community.cisco.com/" /></P><P></P><P>Lets try this way. VPN is an internal group and firewall is an device here.</P><P><IMG src="https://community.cisco.com/" /><IMG src="https://community.cisco.com/" /><IMG src="https://community.cisco.com/" /><IMG src="https://community.cisco.com/" /><IMG src="https://community.cisco.com/" /><IMG src="https://community.cisco.com/" /><IMG src="http://supportforums.cisco.com/sites/default/files/legacy/5/6/1/4165-auth_pol.JPG" class="jive-image" /></P></BODY></HTML> Mon, 17 May 2010 12:05:29 GMT https://community.cisco.com/t5/network-access-control/acs-5-1-authorization-policy-matching-identity-groups/m-p/1473386#M387575 Jatin Katyal 2010-05-17T12:05:29Z https://community.cisco.com/t5/network-access-control/acs-5-1-authorization-policy-matching-identity-groups/m-p/1473387#M387630 <HTML><HEAD></HEAD><BODY><P>I have almost the exact same matching policy and it works fine.</P><P>Does your authentication pass successfully? What does the AAA report tell you? Maybe it hits other rules first.</P><P></P><P>Thanks,</P><P>Tao</P></BODY></HTML> Mon, 17 May 2010 19:29:15 GMT https://community.cisco.com/t5/network-access-control/acs-5-1-authorization-policy-matching-identity-groups/m-p/1473387#M387630 jintao99 2010-05-17T19:29:15Z https://community.cisco.com/t5/network-access-control/acs-5-1-authorization-policy-matching-identity-groups/m-p/1473388#M387697 <HTML><HEAD></HEAD><BODY><P>Hmmm all very strange. I configured this on an Eval copy of ACS. This morning the real box arrived so once installed I'll try this again and report the results back here.</P><P>Thanks gentlemen for your assistance</P><P>Rhodri</P></BODY></HTML> Tue, 18 May 2010 14:40:54 GMT https://community.cisco.com/t5/network-access-control/acs-5-1-authorization-policy-matching-identity-groups/m-p/1473388#M387697 rhodrijenkins 2010-05-18T14:40:54Z