ACS, NAP And Advanced Filtering

Unanswered Question
Jan 18th, 2008

We have already implemented ACS appliance 4.1 integrated with AD.

But while configuring NAP we faced the following problem: we want to use Advanced Filtering in NAP and filter users by their membership in AD Security Groups.

Is there any way to do it? If yes, please tell me what attribute can be used for this.


Thank you,



htarra Thu, 01/24/2008 - 11:31

If the NAP is configured with

1. A Network Access Filter with a specific network access filter (not any)

2. Advanced Filtering rule that states "User-name contains host/"

The NAP is not matched when machine authentication occurs.


If the NAP is configured with

1. A Network Access Filter with "any"

2. Advanced Filtering rule that states "User-name contains host/"

The NAP is matched when machine authentication occurs.

After ACS installation "advanced filtering" lists include just IETF attributes.


If you happen to use other vendors (known to ACS) like Ascend, then usually we need:

= define AAA client with RADIUS(Ascend) as a dictionary

= go to "Interface configuration" -> RADIUS(Ascend) and select attributes which you are going to use in group profiles.


The above steps are enough for these additional attributes to be added to the "advanced filtering" list as well. This is how it is supposed to work.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.0/user/guide/ae.html

