If the NAP is configured with
1. A Network Access Filter with a specific network access filter (not any)
2. Advanced Filtering rule that states "User-name contains host/"
The NAP is not matched when machine authentication occurs.
If the NAP is configured with
1. A Network Access Filter with "any"
2. Advanced Filtering rule that states "User-name contains host/"
The NAP is matched when machine authentication occurs.
After ACS installation "advanced filtering" lists include just IETF attributes.
If you happen to use other vendors (known to ACS) like Ascend, then usially
we need:
= define AAA client with RADIUS(Ascend) as a dictionaly
= goto "Interface configuration" -> RADIUS(Ascend) and select attributes
which you are going to use in group profiles.
Above steps are enough for these additional atttibutes to be added
to "advanced filtering" list as well. This is how it is supposed to work.
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.0/user/guide/ae.html