01-07-2011 12:50 PM - edited 03-10-2019 05:42 PM
Hi All,
I've installed ACS 4 version. we have multiple device group which all of them use the same AD for authentication. we have created multiple NDG, now I need to create remote agent with the same IP address for each NDG but ACS doesn't let me to create multiple remote agent with the same IP address. how can I create multiple NDG, but all use the same remote agent?
thanks
Alex
Solved! Go to Solution.
01-07-2011 08:43 PM
Hi,
I am not sure if i understood your question properly. Anyway, i am defining my understanding below:
AAA clients are defined in the NDG on the ACS appliance.
ACS Appliance authenticates via AD.
ACS appliance needs RA to talk to AD.
Now in from your question, here is my understanding:
AAA Clients are defined in NDG. they are to authenticate via the AD. so to talk to AD we need to define RA per NDG.
Is that correct as your question?
If yes, then the flow is somewhat like this:
AAA Client sends authentication request.
The request reaches the ACS Appliance. For the appliance it is just a request no matter from where it comes. It sees that this has to be authenticated via the AD. inorder to do that it has to forward to the Remote Agent. so it will forward to Remote Agent which in turn will forward to the AD.
So, RA defination per NDG does not come into picture.
For reference purpose the link describing the NDG is as follows:
The link for Remote Agent is as follows:
I hope i have answered the question.
Regards,
Anisha
P.S.: Please mark this link resolved if you feel the query is answered.
01-07-2011 08:43 PM
Hi,
I am not sure if i understood your question properly. Anyway, i am defining my understanding below:
AAA clients are defined in the NDG on the ACS appliance.
ACS Appliance authenticates via AD.
ACS appliance needs RA to talk to AD.
Now in from your question, here is my understanding:
AAA Clients are defined in NDG. they are to authenticate via the AD. so to talk to AD we need to define RA per NDG.
Is that correct as your question?
If yes, then the flow is somewhat like this:
AAA Client sends authentication request.
The request reaches the ACS Appliance. For the appliance it is just a request no matter from where it comes. It sees that this has to be authenticated via the AD. inorder to do that it has to forward to the Remote Agent. so it will forward to Remote Agent which in turn will forward to the AD.
So, RA defination per NDG does not come into picture.
For reference purpose the link describing the NDG is as follows:
The link for Remote Agent is as follows:
I hope i have answered the question.
Regards,
Anisha
P.S.: Please mark this link resolved if you feel the query is answered.
01-09-2011 02:49 PM
Hello,
You do not need to create the same Remote agent entry in every NDG. Just create one entry for the ACS server in the Not assigned group and it would work as an agent for all NDGs.
What important here is to select the right remote agent under the external user database >> database configuration >> windows database >> remote agent selection.
Hope this helps.
Regards,
Jatin
~Do rate helpful posts.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide