Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
595
Views
0
Helpful
1
Replies

ACS, NAP And Advanced Filtering

agipkcolon
Level 1
Level 1

‎01-18-2008 08:33 PM - edited ‎03-10-2019 03:36 PM

We have already implemented ACS applicance 4.1 integrated with AD.

But configuring NAP we faced the following problem - we want to use Advanved Filtering in NAP and filter users by users' membership in AD Security Groups.

are there any way to do it? if yes please tell me what attribute can be used for this.

Thank you,

Labels:
0 Helpful
1 Reply 1

htarra
Level 4
Level 4

‎01-24-2008 11:31 AM

If the NAP is configured with

1. A Network Access Filter with a specific network access filter (not any)

2. Advanced Filtering rule that states "User-name contains host/"

The NAP is not matched when machine authentication occurs.

If the NAP is configured with

1. A Network Access Filter with "any"

2. Advanced Filtering rule that states "User-name contains host/"

The NAP is matched when machine authentication occurs.

After ACS installation "advanced filtering" lists include just IETF attributes.

If you happen to use other vendors (known to ACS) like Ascend, then usially

we need:

= define AAA client with RADIUS(Ascend) as a dictionaly

= goto "Interface configuration" -> RADIUS(Ascend) and select attributes

which you are going to use in group profiles.

Above steps are enough for these additional atttibutes to be added

to "advanced filtering" list as well. This is how it is supposed to work.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.0/user/guide/ae.html

0 Helpful
Customers Also Viewed These Support Documents