Re: ACS users/groups

arevaloj · ‎12-01-2004

Hello,

I dont think a user can be a member of two different groups but is it possible to nest the groups that a user belongs in? Scenario is that we would like AAA on wireless users which some will also be VPN users. Of course we only have one ACS server to do this on. Thanks in advance.

JA

umedryk · ‎12-08-2004

As far as I know, you cannot nest the groups that a user belongs in.

crazycrok · ‎12-13-2004

You could have two groups. One group would have privileges for both the vpn and wireless access, the other group would have wireless only.

If you are using an external db for authentication you would then have the users that have access to both services on top of the list and have the users that only have wireless access below that.

Otherwise you could just map each user to the appropriate group using the ACS db.

MA

arevaloj · ‎12-14-2004

MA,

Thanks for the response; we thought of the same idea and testing a pilot group that has both type of access. Just curious if you have already implemented this and how it is working? Thanks again.

JA

schmidta · ‎01-05-2005

If have an identical problem. I want that an user can authenticate to an Dial-In-NAS, VPN-Concentrator, ...

with RSA-Secure-Cards. The user-profil must have different ip-pools for the concentrator and the dialin-router. Can the ACS handle this function ?

AS

Maximiliano.Garcia.Solorzano · ‎10-19-2007

I know that nested groups isn't supported on ACS 4.0, but, is it on ACS 4.1 ???

See note in page 77

http://www.cisco.com/global/IT/solutions/ent/tecnologie/wireless/pdf/avvid_implementation_guide.pdf

Regards,

Maximiliano.