ACS 5.4 + and multiple Radius ACS:CiscoSecure-Group-ID AVPs?

Hi

I still don't have access to ACS 5.4, but I'm planning how to do the policy rule.

I would like a given user to be able to belong to several groups. My understanding is that ACS expects to use only ACS:CiscoSecure-Group-ID and that no other AVPs are supported. Is this correct?

Is it possible for ACS 5.4 to check for several ACS:CiscoSecure-Group-ID AVPs and use one AVP or another depending on the device that the TACACS+ AAA is coming from?

I want to achieve the following:

User John's groups: firewalls read-only, load-balancers read-write, switches read-only

If John authenticates from a firewall, then read-only authorization is assigned.

If John authenticates from a load-balancer, then read-write authorization is assigned.

Is this possible?

Thanks

Ulises
