Hi everybody

I have 2 problems and appreciate any help resolving them as I am starting to pull my hair out and pretty soon there will none left.

- I have a cisco unified network (ACS 5.1, Cisco controller, LWAP) and have configured ACS to integrate with AD.

- I am using this network for Laptops and wireless IP phones access.

- I have only one Service Selection rule for both Laptops and wireless IP phones. All the conditions attributes are set to ANY except Protocol = Radius

- I select a simple Identity Policy and I use a sequence where IP phones users are authenticated using ACS local user and the Laptops users are authenticated using AD

- Laptop users are authenticated using PEAP and IP phones users using EAP-Fast

Everything is working fine BUT I need to make 2 changes and eventhough  I spent many hours hours on forums and reading articles and trying things myself I can't get the changes to work.

The first change is to use 2 Service Selection Rules one for the IP phones and one for the Laptops. After adding another service selection rules that I put at the top, I tried many combinations to try and get the IP phones to use it but whatever I did (used different combinations of conditions), the IP phones always select the 2nd rule, which is the original one. The question is "what conditions to put in a service selection rule to make wireless IP phones use the rule).

The second change is that I want to add machine authentication so only Laptops that are in AD can access the network. AGain I tried various settings but can't get this to work. If someone could give me the steps involved and where in ACS to find  them that would be great.

I appreciate any help you can provide.

Thanks

Raoul