08-31-2006 11:24 AM - edited 03-10-2019 02:44 PM
Hola, I have a customer hosting multiple MS AD domains, each on a separate VLAN. They want to use ACS to authenticate inbound VPN clients into their respective domains (VLANs), based on login credentials. Can this be done?
Thanks - Dave
09-01-2006 07:37 AM
Yes, this can be done... providing users are in different groups.
You might have to create an AD group for VLAN, then in ACS map the AD VLAN groups to ACS groups, each with appropriate RADIUS VLAN attributes.
The only issue then is that if you were already mapping AD groups (e.g. admin, employee, contractor, etc.), it's "game over".
Darran
09-04-2006 04:07 AM
You need to map users of different VLANs with different groups in ACS based on their domains. Each group in ACS should be configured for Dynamic ACLs to be downloaded after authentication for that particular user. This way you can restrict the access of the user to his VLAN only.
Jasjeet
09-05-2006 11:56 AM
Thanks for the help! I will try it out on-site next week. - Dave
09-15-2006 05:30 AM
If each domain is on a different VLAN, does the ACS box need to be on a trunking port on the switch?
Dave