https://community.cisco.com/t5/network-access-control/rbac-requirement/m-p/3695324#M494901 Eeerm, what is it exactly that you’re trying to do (as opposed to how)? It sounds like you are describing ISE Policy sets, but it’s not clear. Mon, 27 Aug 2018 07:33:17 GMT RichardAtkin 2018-08-27T07:33:17Z https://community.cisco.com/t5/network-access-control/rbac-requirement/m-p/3695255#M494900 <P class="p1"><SPAN class="s1">RBAC requirement</SPAN></P> <P class="p1">&nbsp;</P> <P class="p1"><SPAN class="s1">1. Is it possible to implement some kind of virtual profile on the ACS so that if the request is from a certain set of ip addresses it redirects the request to a different profile in ACS. Physically it will be single appliance but virtually there will be 2; one for underlay AAA requirements and second for overall AAA requirements.</SPAN></P> Mon, 27 Aug 2018 03:29:40 GMT https://community.cisco.com/t5/network-access-control/rbac-requirement/m-p/3695255#M494900 jineshrd 2018-08-27T03:29:40Z https://community.cisco.com/t5/network-access-control/rbac-requirement/m-p/3695324#M494901 Eeerm, what is it exactly that you’re trying to do (as opposed to how)? It sounds like you are describing ISE Policy sets, but it’s not clear. Mon, 27 Aug 2018 07:33:17 GMT https://community.cisco.com/t5/network-access-control/rbac-requirement/m-p/3695324#M494901 RichardAtkin 2018-08-27T07:33:17Z https://community.cisco.com/t5/network-access-control/rbac-requirement/m-p/3695499#M494902 <P>I agree with Richard it sounds like you are asking put Policy Sets in ISE, but if you are asking about ACS then you are talking about Access Service definitions.&nbsp; Both ISE and ACS allow you to carve up the configuration into different rule sets based on a wide variety of definitions (NAD type, NAD IPs, locations, SSID name, VPN tunnel group, RADIUS attributes, etc.)</P> <P>&nbsp;</P> Mon, 27 Aug 2018 13:13:09 GMT https://community.cisco.com/t5/network-access-control/rbac-requirement/m-p/3695499#M494902 paul 2018-08-27T13:13:09Z