I'm trying to define a DAP using Radius attributes but the policy is not being correctly assigned. I've tried using attribute value 25 and 145 based off the following documentation.
Users connect via an Anyconnect Client, then based of their AD groups (via Radius server) they are assigned to Group Policy. Instead of creating several different Group Policies and multiple NPS network policies I'd like to use DAP to define more granular access.
Has anybody successfully done this as what Radius attribute did you use?
Those radius attributes are as you have seen already, used to assign Group Policy not DAPs. I have not tried it, but does it not work, if you send the class 25 attribute from NPS, as the AD group name, and then use a DAP to match that AAA value ?
I tried (i think) what you are speaking about here without much success. At the moment the only way I can add a group policy to a DAP is by specifying it from the drop down list. I figure there must be some way of doing it as the radius option is available.
Learn, share, save
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
