
ACS Vlan assignment with Windows AD Authentication

dprakken1
Level 1

Hola, I have a customer hosting multiple MS AD domains, each on a separate VLAN. They want to use ACS to authenticate inbound VPN clients into their respective domains (VLANs), based on login credentials. Can this be done?

Thanks - Dave

4 Replies

darpotter
Level 5

Yes, this can be done... providing users are in different groups.

You might have to create an AD group for VLAN, then in ACS map the AD VLAN groups to ACS groups - each with appropriate RADIUS VLAN attributes.

The only issue then is that if you were already mapping AD groups (e.g. admin, employee, contractor), etc., it's "game over".

Darran
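An added example, not part of the original reply and not ACS code: a small model of the group mapping described above that fails closed when a user matches zero or several VLAN groups, and encodes the RADIUS VLAN attributes as tagged attributes per RFC 2868 with the values RFC 3580 defines. The AD and ACS group names, VLAN IDs and the tag value 1 are constructed assumptions.

```python
import struct

# RADIUS attribute numbers (RFC 2868) and the VLAN values from RFC 3580.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TT_VLAN, TMT_IEEE_802 = 13, 6

# Constructed sample mapping: AD group -> (ACS group, VLAN ID). Hypothetical names.
GROUP_MAP = {
    "VLAN-DomainA": ("acs-domain-a", 10),
    "VLAN-DomainB": ("acs-domain-b", 20),
}

def resolve_vlan(ad_groups, group_map=GROUP_MAP):
    """Return (acs_group, vlan_id), or None unless exactly one mapping matches."""
    matches = sorted({group_map[g] for g in ad_groups if g in group_map})
    if len(matches) != 1:
        return None  # fail closed: no VLAN group, or conflicting VLAN groups
    return matches[0]

def tagged_int(attr, value, tag=1):
    # Type(1) | Length(1)=6 | Tag(1) | Value(3), as RFC 2868 lays out integer attributes
    return struct.pack("!BBB", attr, 6, tag) + value.to_bytes(3, "big")

def tagged_str(attr, text, tag=1):
    # Type(1) | Length(1) | Tag(1) | String
    data = text.encode("ascii")
    return struct.pack("!BBB", attr, 3 + len(data), tag) + data

def vlan_attributes(vlan_id, tag=1):
    """Encode the three attributes that assign a VLAN in an Access-Accept."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID out of range")
    return (tagged_int(TUNNEL_TYPE, TT_VLAN, tag)
            + tagged_int(TUNNEL_MEDIUM_TYPE, TMT_IEEE_802, tag)
            + tagged_str(TUNNEL_PRIVATE_GROUP_ID, str(vlan_id), tag))

if __name__ == "__main__":
    # Constructed memberships: one clean match, one conflict, one with no VLAN group.
    for groups in (["Domain Users", "VLAN-DomainB"],
                   ["VLAN-DomainA", "VLAN-DomainB"],
                   ["Domain Users"]):
        hit = resolve_vlan(groups)
        print(groups, "->", hit, vlan_attributes(hit[1]).hex() if hit else "reject")
```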

jasjsing
Cisco Employee

You need to map users of different VLANs with different groups in ACS based on their domains. Each group in ACS should be configured for dynamic ACLs to be downloaded after authentication for that particular user. This way you can restrict the access of the user to his VLAN only.

Jasjeet

Thanks for the help! I will try it out on-site next week. - Dave

If each domain is on a different VLAN, does the ACS box need to be on a trunking port on the switch?

Dave