
MAC Address Format Question

hal.chaikin
Level 1

Does anyone know the proper format for the client MAC address in the ACS internal database such that it will authenticate 802.1X queries from a Cisco switch?

Is it: 00-11-43-4A-B8-62

or: 0011.434A.B862

or maybe: 0011434AB862

or something else?

I've been reading the config guides but I don't see this addressed yet.

Thanks in advance.

Accepted Solutions

Jagdeep Gambhir
Level 10

ACS supports the following three standard formats for representing MAC-48 addresses in human-readable form:

Six groups of two hexadecimal digits, separated by hyphens (-) in transmission order, for example, 01-23-45-67-89-ab.

Six groups of two separated by colons (:), for example, 01:23:45:67:89:ab.

Three groups of four hexadecimal digits separated by dots (.), for example, 0123.4567.89ab.

Regards,

~JG

Do rate helpful posts
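
A pre-import check built on the three notations listed in the answer above, as an added example that is not part of the original thread or Cisco's code: it detects which listed notation each entry uses, rewrites every entry into one notation, and separates duplicates and entries in any other form. The function names, the lowercase output and the sample list are assumptions made for illustration.

```python
import re

HEX = "[0-9A-Fa-f]"
# The three MAC-48 notations listed in the answer above.
LISTED_FORMATS = {
    "hyphen": re.compile(rf"{HEX}{{2}}(-{HEX}{{2}}){{5}}"),
    "colon": re.compile(rf"{HEX}{{2}}(:{HEX}{{2}}){{5}}"),
    "dot": re.compile(rf"{HEX}{{4}}(\.{HEX}{{4}}){{2}}"),
}

def detect_format(mac):
    """Return the name of the listed notation that mac uses, or None."""
    for name, pattern in LISTED_FORMATS.items():
        if pattern.fullmatch(mac.strip()):
            return name
    return None

def convert(mac, style="hyphen"):
    """Rewrite a MAC given in any listed notation into the chosen one."""
    if detect_format(mac) is None:
        raise ValueError(f"not in a listed notation: {mac!r}")
    digits = re.sub(r"[-:.]", "", mac.strip()).lower()  # lowercase is an assumption
    if style == "dot":
        return ".".join(digits[i:i + 4] for i in range(0, 12, 4))
    sep = {"hyphen": "-", "colon": ":"}[style]
    return sep.join(digits[i:i + 2] for i in range(0, 12, 2))

def prepare_import(entries, style="hyphen"):
    """Split entries into (unique converted MACs, duplicates, rejected)."""
    unique, duplicates, rejected = [], [], []
    for entry in entries:
        try:
            mac = convert(entry, style)
        except ValueError:
            # Bare 12-digit, truncated, mixed-separator and non-hex entries
            # are not among the listed notations: hold them for review.
            rejected.append(entry)
            continue
        (duplicates if mac in unique else unique).append(mac)
    return unique, duplicates, rejected

# Constructed sample list, mixing notations as a hand-kept inventory might.
SAMPLE = ["00-11-43-4A-B8-62", "0011.434A.B862", "01:23:45:67:89:ab",
          "0011434AB862", "00-11-43-4A-B8", "00:11-43:4A:B8:62", "0123.4567.89zz"]

if __name__ == "__main__":
    for label, rows in zip(("import", "duplicates", "rejected"), prepare_import(SAMPLE)):
        print(label, rows)
```

The same device written in two notations shows up under duplicates, which is worth resolving before the list is loaded into any MAC-based authentication database.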

Thanks JG.

We must be talking about something other than 802.1X here, right? 802.1X doesn't authenticate MAC addresses.

Actually I'm talking both:

The specific question I posted was on correct formatting of MACs, (because I couldn't find it) but the broader issue I am trying to piece together is devising a way to have different policies on my SE's that can:

a) Authenticate clients (three types):

1) Thin and dumb clients (non-OS based workstations), printers, copiers, scanners, etc. based on their MAC addresses (authenticating against the SE's internal database which I imported via RDBMS) and...

2) Directly wired and 3) wireless Windows XP machines (against an external database, specifically group membership in our AD domain).

And,

b) User accounts: Specifically, our network management accounts (currently administrator accounts in our AD domain) used to manage network devices via SSH.

I am currently accomplishing all the above (except the dumb clients/MACs) using Microsoft IAS but (since we don't have schema admin rights in the domain) cannot do the MAC authentication with it so we're migrating to ACS's.

Reading through the user and config guides, I'm getting the drift that if I use the internal database (for the MAC authentication) then I'm locked into it - and then cannot make another policy that looks to an external database for everything else.

If you've got any good leads, or reference materials, to expedite my search, I'd certainly appreciate it.

Thanks.
