
AnyConnect DHCP Pool - Based on A/D Group

wmoody329
Level 1

Is it possible for the DHCP Pool assigned to the user to be based on their Active Directory Group? I'd like to maybe have a default Pool, but for users in a specific Active Directory Group to get assigned an IP from a different local DHCP Pool?

4 Replies

@wmoody329 if you use RADIUS for authentication/authorisation you can authorise the user based on their AD group membership and return a DHCP scope. You'd just create multiple rules based on the number of different AD groups, and return a different DHCP scope as required.

The RADIUS attribute to send to the user is "CVPN3000/ASA/PIX7x-DHCP-Network-Scope", example using ISE:-

[Image: RobIngram_0-1717075952036.png]

Rob, we are actually using MFA with Azure. I'm not sure if that simplifies the issue or not.

@wmoody329 in this scenario before, I have used MFA for authentication and authorisation via RADIUS (ISE), which performs the lookup of the AD group membership and assigns the DHCP scope (as per above).
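
The rule logic described in the replies above (one authorisation rule per AD group, each returning a different DHCP scope, plus a default), sketched offline as an added example; it is not code from the thread and not ISE configuration. The group names, scope addresses and first-match evaluation order are assumptions made for illustration.

```python
import ipaddress

# Attribute name as given in the reply above.
SCOPE_ATTR = "CVPN3000/ASA/PIX7x-DHCP-Network-Scope"

# Constructed sample policy: ordered (AD group, DHCP scope) rules.
# Group names and scope addresses are hypothetical placeholders.
RULES = [
    ("VPN-Admins", "10.10.20.0"),
    ("VPN-Contractors", "10.10.30.0"),
]
DEFAULT_SCOPE = "10.10.10.0"  # hypothetical default pool


def validate_policy(rules, default_scope):
    """Reject malformed scopes and duplicate groups before the policy is used."""
    seen = set()
    for group, scope in rules:
        ipaddress.IPv4Address(scope)  # raises ValueError on a bad address
        key = group.casefold()
        if key in seen:
            raise ValueError(f"duplicate rule for group {group!r}")
        seen.add(key)
    ipaddress.IPv4Address(default_scope)


def authorize(user_groups, rules=RULES, default_scope=DEFAULT_SCOPE):
    """Return (matched_rule, attributes) for an already authenticated user.

    Assumed first-match evaluation: a user in several groups gets the scope
    of the earliest rule; a user matching no rule falls through to the default.
    """
    member_of = {g.casefold() for g in user_groups}  # AD names are case-insensitive
    for group, scope in rules:
        if group.casefold() in member_of:
            return group, {SCOPE_ATTR: scope}
    return "default", {SCOPE_ATTR: default_scope}


validate_policy(RULES, DEFAULT_SCOPE)
```

With first-match evaluation, rule order decides which pool a user in more than one listed group receives, so the ordering of the rules is worth reviewing whenever a group is added.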