12-11-2012 09:48 PM - edited 03-10-2019 07:53 PM
Hi,
i have created two ssid on WLC & authentication Via ACS to AD. after that i have configure TACACS+ on same ACS Server but some of the users can login in Wi-Fi which are not in member of Wi-Fi group.
Please find the below ACS configuration.
Group 1 >>>> HIgh managemnet Users " this user can login in SSID 1"
Group 3 >>>> Corporate User "this users can login in SSID 2"
In group configuration i have configure DNIS/CLI based configuration.
AAA client select
Port *
CLI *
DNIS *SSID1
same configuration for SSID 2
after that i have creat two more group for TACACS + for Device authentication (Shell command based) (Authentication through AD)
Group 5 >>>> Full Access
Group 6 >>>> Read Only Access.
but now what ever user are in group 5 & 6 those are login in Wifi.
how to stop them?
12-13-2012 08:51 PM
Hi,
In your authorization rules is the default rule set to Permit? If so please set it to Deny, when ACS is configured brand new the default policies are always set to permit.
If that is not the case please post screenshots of your policies, and also of the authentication report of the user that was allowed access.
Hope that helps.
Tarik Admani
*Please rate helpful posts*
12-30-2012 01:10 AM
Hi
I have configure above setting for SSID 1 in Group 1 & MAP security group (with AD) with Group 1 in external Database.
I have configure above setting for SSID 2 in Group 3 & MAP security group (with AD) with Group 3 in external Database.
till the time user maped in Group 3 is not login in group1 SSID.
after that i have configure TACACS + on same server with
Group 5 >>>> Full Access ( Shell command authorization Set)
Group 6 >>>> Read Only Access.( Shell command authorization Set)
Exp. hparekh is member of Group 6 & Group 3 but now it is login in Group 1 SSID.
Please find the External database setting
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide