https://community.cisco.com/t5/network-access-control/acs-users-groups/m-p/338979#M433141 <HTML><HEAD></HEAD><BODY><P>MA,</P><P></P><P>Thanks for the response; we thought of the same idea and testing a pilot group that has both type of access. Just curious if you have already implemented this and how it is working? Thanks again.</P><P></P><P>JA</P></BODY></HTML> Tue, 14 Dec 2004 17:06:56 GMT arevaloj 2004-12-14T17:06:56Z https://community.cisco.com/t5/network-access-control/acs-users-groups/m-p/338976#M433138 <P>Hello,</P><P></P><P>I dont think a user can be a member of two different groups but is it possible to nest the groups that a user belongs in? Scenario is that we would like AAA on wireless users which some will also be VPN users. Of course we only have one ACS server to do this on. Thanks in advance.</P><P></P><P>JA</P> Sun, 10 Mar 2019 20:54:41 GMT https://community.cisco.com/t5/network-access-control/acs-users-groups/m-p/338976#M433138 arevaloj 2019-03-10T20:54:41Z https://community.cisco.com/t5/network-access-control/acs-users-groups/m-p/338977#M433139 <HTML><HEAD></HEAD><BODY><P>As far as I know, you cannot nest the groups that a user belongs in.</P></BODY></HTML> Wed, 08 Dec 2004 14:47:28 GMT https://community.cisco.com/t5/network-access-control/acs-users-groups/m-p/338977#M433139 umedryk 2004-12-08T14:47:28Z https://community.cisco.com/t5/network-access-control/acs-users-groups/m-p/338978#M433140 <HTML><HEAD></HEAD><BODY><P>You could have two groups. One group would have privileges for both the vpn and wireless access, the other group would have wireless only.</P><P></P><P>If you are using an external db for authentication you would then have the users that have access to both services on top of the list and have the users that only have wireless access below that.</P><P></P><P>Otherwise you could just map each user to the appropriate group using the ACS db.</P><P></P><P>MA</P></BODY></HTML> Tue, 14 Dec 2004 01:22:33 GMT https://community.cisco.com/t5/network-access-control/acs-users-groups/m-p/338978#M433140 crazycrok 2004-12-14T01:22:33Z https://community.cisco.com/t5/network-access-control/acs-users-groups/m-p/338979#M433141 <HTML><HEAD></HEAD><BODY><P>MA,</P><P></P><P>Thanks for the response; we thought of the same idea and testing a pilot group that has both type of access. Just curious if you have already implemented this and how it is working? Thanks again.</P><P></P><P>JA</P></BODY></HTML> Tue, 14 Dec 2004 17:06:56 GMT https://community.cisco.com/t5/network-access-control/acs-users-groups/m-p/338979#M433141 arevaloj 2004-12-14T17:06:56Z https://community.cisco.com/t5/network-access-control/acs-users-groups/m-p/338980#M433143 <HTML><HEAD></HEAD><BODY><P>If have an identical problem. I want that an user can authenticate to an Dial-In-NAS, VPN-Concentrator, ...</P><P>with RSA-Secure-Cards. The user-profil must have different ip-pools for the concentrator and the dialin-router. Can the ACS handle this function ?</P><P></P><P>AS </P></BODY></HTML> Wed, 05 Jan 2005 13:04:18 GMT https://community.cisco.com/t5/network-access-control/acs-users-groups/m-p/338980#M433143 schmidta 2005-01-05T13:04:18Z https://community.cisco.com/t5/network-access-control/acs-users-groups/m-p/338981#M433145 <HTML><HEAD></HEAD><BODY><P>I know that nested groups isn't supported on ACS 4.0, but, is it on ACS 4.1 ???</P><P></P><P>See note in page 77</P><P><A class="jive-link-custom" href="http://www.cisco.com/global/IT/solutions/ent/tecnologie/wireless/pdf/avvid_implementation_guide.pdf" target="_blank">http://www.cisco.com/global/IT/solutions/ent/tecnologie/wireless/pdf/avvid_implementation_guide.pdf</A></P><P></P><P>Regards,</P><P>Maximiliano.</P></BODY></HTML> Fri, 19 Oct 2007 18:13:51 GMT https://community.cisco.com/t5/network-access-control/acs-users-groups/m-p/338981#M433145 Maximiliano.Garcia.Solorzano 2007-10-19T18:13:51Z