topic Cisco Secure ACS in Network Access Control

Cisco Secure ACS

eoscar — Fri, 21 Feb 2020 17:57:36 GMT

Can users be authenticated using CSACS before receiving an IP address from DHCP?

Re: Cisco Secure ACS

p.krane — Tue, 30 Oct 2001 14:58:09 GMT

No. They need an ip address to get to the server. What are you trying to accomplish?

Re: Cisco Secure ACS

p.jacques — Tue, 30 Oct 2001 19:50:42 GMT

Not true, the NAS\ CAS sends the authentication requests to ACS on behalf of the user. If the NAS\ CAS is DHCPing prior to authentication, then the config is wrong.

You can force the situation of authentication then DHCP, by making the ACS the dhcp server (ip pools). You need to enable authorisation on the NAS\ CAS otherwise it ignores the ACS suggestion of an IP address.

Re: Cisco Secure ACS

e-oscar — Fri, 02 Nov 2001 16:58:15 GMT

This makes more sense. So, on the CSACS i would install a dhcp server.

But, I would like to run dhcp(collapse core swich) and CSACS on diffrent boxes and be able to achieve exactly what you explained in you response.