05-04-2007 06:58 AM - edited 03-10-2019 03:08 PM
Hi..
I'm trying to understand the way ACS works with group mapping to Active Directory.
What I want to achieve is:
1- to have an AD group for Wireless users who are permitted to authenticate and use WLAN
2- to have an AD group for VPN users who are permitted to authenticate and use VPN
3- to have an AD group for Switch Admins who are permitted to authenticate and manage LAN switches.
For example, some users who are members of the VPN group also need to be members of the wireless group in AD.
Is that possible to have? Or do I need to set up an additional ACS server for each
05-07-2007 12:45 PM
First, you will need to have ACS 4.0 or above.
Next, you need to set up group mapping for AD with the following:
AD group wireless = W
AD group VPN = V
AD group Switch mgmt = S
ACS group 1 = W V S
ACS group 2 = W V
ACS group 3 = W S
ACS group 4 = V S
ACS group 5 = W
ACS group 6 = V
ACS group 7 = S
These MUST be set up in the described order.
Note - for 3 non-exclusive AD groups you need to configure 7 ACS groups. This problem will be alleviated in ACS 5.x.
Now, in each ACS group mapped with W, have a NAR that permits access to the wireless devices, V with a NAR that permits access to VPN devices and S with a NAR that permits access to the switches, such that:
ACS group 1: NAR_w, NAR_v, NAR_s
ACS group 2: NAR_w, NAR_v
and so on.
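An added example, not part of the reply above and not Cisco code: a small Python model of that mapping list, assuming ACS assigns a user to the first mapping whose AD groups the user belongs to, which is why the order matters. The function names are hypothetical and the sample user is constructed.

```python
from itertools import combinations

# Constructed sample input: the three AD groups from the reply above.
AD_GROUPS = ["W", "V", "S"]

def build_mappings(ad_groups):
    """Return [(acs_group_number, required_ad_groups)], largest combinations first."""
    mappings, number = [], 1
    for size in range(len(ad_groups), 0, -1):
        for combo in combinations(ad_groups, size):
            mappings.append((number, frozenset(combo)))
            number += 1
    return mappings

def resolve(mappings, memberships):
    """Assumed first-match rule: the first mapping fully covered by the user's
    AD memberships wins; None means no mapping applies."""
    memberships = set(memberships)
    for number, required in mappings:
        if required <= memberships:
            return number
    return None

def nars_for(mappings, number):
    """NARs that ACS group needs, named NAR_<group> as in the reply."""
    for num, required in mappings:
        if num == number:
            return sorted("NAR_" + g.lower() for g in required)
    return []

MAPPINGS = build_mappings(AD_GROUPS)

if __name__ == "__main__":
    user = {"W", "V", "Domain Users"}  # constructed: wireless + VPN member
    good = resolve(MAPPINGS, user)
    print("correct order  -> ACS group", good, nars_for(MAPPINGS, good))
    # Same mappings listed least-specific first: the single-group mapping
    # matches early and the user silently loses one of the NARs.
    bad = resolve(list(reversed(MAPPINGS)), user)
    print("reversed order -> ACS group", bad, nars_for(MAPPINGS, bad))
```

For n non-exclusive AD groups the list has 2^n - 1 entries, which is the 7 groups noted above for n = 3.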
05-08-2007 08:48 AM
Thanks for the very good answer. I'm running ACS 4.1, which raises some other questions for me.. :)
1- What will happen if I apply the Downloadable ACL, which I would have only for VPN users, on ACS group 1 = W V S?
2- Do you know when version 5.0 will be released?