Restricting Wireless Access using ACS 3.3

broadjumper · ‎02-09-2007

We are currently running ACS 3.3 and I am trying to figure out how to restrict Wireless access to specific user groups. Our current setting is using PEAP and ACS as the Radius. Our user database is mapped to Windows 2003 AD. I've got the PEAP working and the radius authentication is also working but I cannot seem to figure out how to restrict the wireless access to specific Windows/ACS groups.

Erik

amrkrish · ‎02-09-2007

In ACS 3.3 we dont have advanced feature like Network Access Profile.

We can do one thing. Isolate all the wireless users to a specific group in Active directory.

Map this AD group to specific ACS group. In this way we can restrict the wireless access to specific Windows/ACS groups.

darpotter · ‎02-11-2007

This approach doesnt really scale. If I'd already mapped AD groups like

admins -> acs admins

sales -> acs sales

etc

I cant add a second level of mapping. All I can do is replace the above with

wired users -> acs wired

wireless users -> acs wireless

I wouldnt be able to have multiple wireless authorisations.

parmsing · ‎02-13-2007

Hi,

On ACS 3.3.x You can certinly achive this, al you have to do is configure NAR( Network Access Restriction) Here is the link which should provide you further informatio on it.

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_white_paper09186a00801a8fd0.shtml

-Parm