Hi
I still don't have access to ACS 5.4. I'm planning how to do the policy rule.
I would like a given user to be able to belong to several groups. My understanding is that ACS expects to only use ACS:CiscoSecure-Group-ID and that no other AVPs are supported. Is this correct?
Is it possible for ACS 5.4 to check for several ACS:CiscoSecure-Group-ID AVPs and use one AVP or another depending on the device the TACACS+ AAA is coming from?
I want to achieve the following:
User John's groups: firewalls read-only, load-balancers read-write, switches read-only
If John authenticates from a firewall, then read-only authorization is assigned.
If John authenticates from a load-balancer, then read-write authorization is assigned.
Is this possible?
Thanks
Ulises