https://community.cisco.com/t5/network-access-control/applying-dynamic-access-policies-using-radius-attributes/m-p/2684270#M54723 <P>Hi,</P><P>I'm trying to define a DAP using Radius attributes but the policy is not being correctly assigned. I've tried using attribute value 25 and 145 based off the following documentation.</P><P><A href="http://www.cisco.com/c/en/us/td/docs/security/asa/asa93/configuration/general/asa-general-cli/aaa-radius.html#32985" target="_blank">http://www.cisco.com/c/en/us/td/docs/security/asa/asa93/configuration/general/asa-general-cli/aaa-radius.html#32985</A></P><P>Users connect via an Anyconnect Client, then based of their AD groups (via Radius server) they are assigned to Group Policy. Instead of creating several different Group Policies and multiple NPS network policies I'd like to use DAP to define more granular access.</P><P>Has anybody successfully done this as what Radius attribute did you use?</P><P>Thanks</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 11 Mar 2019 05:55:02 GMT croninbarry 2019-03-11T05:55:02Z https://community.cisco.com/t5/network-access-control/applying-dynamic-access-policies-using-radius-attributes/m-p/2684270#M54723 <P>Hi,</P><P>I'm trying to define a DAP using Radius attributes but the policy is not being correctly assigned. I've tried using attribute value 25 and 145 based off the following documentation.</P><P><A href="http://www.cisco.com/c/en/us/td/docs/security/asa/asa93/configuration/general/asa-general-cli/aaa-radius.html#32985" target="_blank">http://www.cisco.com/c/en/us/td/docs/security/asa/asa93/configuration/general/asa-general-cli/aaa-radius.html#32985</A></P><P>Users connect via an Anyconnect Client, then based of their AD groups (via Radius server) they are assigned to Group Policy. Instead of creating several different Group Policies and multiple NPS network policies I'd like to use DAP to define more granular access.</P><P>Has anybody successfully done this as what Radius attribute did you use?</P><P>Thanks</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 11 Mar 2019 05:55:02 GMT https://community.cisco.com/t5/network-access-control/applying-dynamic-access-policies-using-radius-attributes/m-p/2684270#M54723 croninbarry 2019-03-11T05:55:02Z https://community.cisco.com/t5/network-access-control/applying-dynamic-access-policies-using-radius-attributes/m-p/2684271#M54726 <P>Those radius attributes are as you have seen already, used to assign Group Policy not DAPs. I have not tried it, but does it not work, if you send the class 25 attribute from NPS, as the AD group name, and then use a DAP to match that AAA value ?</P> Fri, 17 Jul 2015 15:53:15 GMT https://community.cisco.com/t5/network-access-control/applying-dynamic-access-policies-using-radius-attributes/m-p/2684271#M54726 jan.nielsen 2015-07-17T15:53:15Z https://community.cisco.com/t5/network-access-control/applying-dynamic-access-policies-using-radius-attributes/m-p/2684272#M54731 <P>I tried (i think) what you are speaking about here without much success. At the moment the only way I can add a group policy to a DAP is by specifying it from the drop down list. I figure there must be some way of doing it as the radius option is available.</P> Fri, 17 Jul 2015 16:25:40 GMT https://community.cisco.com/t5/network-access-control/applying-dynamic-access-policies-using-radius-attributes/m-p/2684272#M54731 croninbarry 2015-07-17T16:25:40Z