
ACS 5.3 - Can user be authenticated by different stores depending on ndg?

peterbe
Level 1

Hi

We need to use the same user IDs for both 802.1X and VPN access:

   802.1X authentication request from local switch will use AD

   VPN authentication request from VPN device will use RSA

 

I am OK with using NDG to determine what device the request comes from. What I have not worked out is how the same user ID can be tied to different authentication depending on NDG.

An example configuration would be ideal.

 

Thanks

Peter

 

Accepted Solutions

Jatin Katyal
Cisco Employee

You need to create 2 device types, one for switches and the other for firewalls.

Under default network access > identity > click on "rule based result selection" > create 2 rules:

1. for dot1x > select the device type and identity source.

2. for vpn > select the device type and identity source.

Note: The user should be there in both databases.

 

Regards,

Jatin Katyal

**Do rate useful posts**

~Jatin

Amjad Abdullah
VIP Alumni

Hi Peter,

I think Jatin answered your question. There must be two different device types and you choose a different identity source for each device type.


Please mark the question as "answered" if that answered your question.

 

Regards,

 

Amjad

Rating useful replies is more useful than saying "Thank you"