Combine two access policies into one in CISCO ACS 5.7

neteng783 · ‎09-16-2015

Hi,

How to combine two access policies into one so that all devices will be able to authenticate against that policy. Two policies have few common protocols.

Thanks

nspasov · ‎09-16-2015

Can you pls elaborate a bit more on your issue. Gives us some details on exactly what you are trying to accomplish?

Thank you for rating helpful posts!

neteng783 · ‎09-16-2015

Hi Neno Spasov,

Here is the situation,

We have two access policies AP1 (allowing PAP, MS-Chapv2, PEAP, EAP-Fast) and AP2 (allowing MS_Chapv2, Leap, Peap etc). AP1 has one rule and AP2 has no rule inside, We want to consolidate these access policies and merge these into one policy.

can we do this way ?

allowing all the protocols of AP2 in AP1 itself and disable the AP2.

Please let me know if you have any other procedure to this task.

Thanks.

Ivan Gonzalez · ‎09-16-2015

Hi,

Yes, it can be done. Just go into the AP1 on the "Allowed Protocols" tab enable all the protocols you need and that should be all.

Note: Please marked as answered if applicable

neteng783 · ‎09-16-2015

Hi,

As i am going to remove the AP2, Does it affect any devices which are using AP2 ?

Is there a way to find which devices are using this AP2, so that once we do this process i can go and check login to those devices.

Do i need to make any other changes or just enable all the protocols ?

Thanks

Ivan Gonzalez · ‎09-17-2015

Hi,

The best way to determine which type of authentications are hitting AP2, would be by checking the conditions on the rules, to see if there is any condition based NDG "device type" or "location".

Now, since there are rules configured on AP1, you might also have to add "authorization rules" to allow access that used to hit AP2.