Cisco ACS allocate an address from two pools

Unanswered Question
Jan 29th, 2008

I have a Cisco ACS Server version 3.3

I have devices connecting to a remote cell network that routes through to the local corporate network. At the remote end they either connect to network or network; this is dynamic and cannot be fixed. They then route through a single router to a local router via a single point-to-point line. The local router then connects to a firewall.

The devices (or rather users) are authenticated at connection time using a local ACS Server (the corporate side of the firewall).

The problem I have is that if I create two pools, e.g. Net12 for addresses and Net13 for, and apply these two pools to the group that all these remote users are defined under in ACS, they only ever get addresses from the first pool, i.e. Net12.

The consequence is that when they connect via network they are given addresses in network, as this is the first defined pool. Obviously they cannot communicate, as they now have the wrong addresses for the network they are on.

How can I get them assigned addresses in Net12 if they come from that network or Net13 if they come from that network? The ACS Server doesn't seem to follow the normal rules of supplying addresses based on where the source request is coming from.

Any help on this would be much appreciated.

Paul Kyte

dongdongliu Tue, 01/29/2008 - 22:44
include and

do you think so?

paul.l.kyte Wed, 01/30/2008 - 02:50

No, this will not work; it will still issue addresses from the start of the pool, hence a Net13 ( user will get a Net12 ( address, resulting in no comms.

Does anybody know how I can resolve the problem?

dongdongliu Wed, 01/30/2008 - 19:03

sorry Paul, I mean,

why can pools Net12 and Net13 not be merged into one pool Net12_13 with a 23-bit mask?

paul.l.kyte Thu, 01/31/2008 - 08:33

No it cannot be a single pool containing all addresses.

What is required is for the ACS Server to supply a Net12 address if the user is on Network 12, i.e. the NAS or AAA Client sending the authentication has a network 12 address, or to supply a Net13 address if the user is on Network 13, i.e. the NAS or AAA Client sending the authentication has a network 13 address.

The ACS isn't doing this; it is supplying the first available address from the defined pools regardless of the network the client is on.

How do I make the ACS supply an address appropriate to where the client is?

Before anyone advises it, I can't use DHCP to issue the addresses as the clients are on a third party network that will not allow this. What I need is for the ACS to be intelligent and supply an address based on the clients source network.
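
The selection rule Paul is asking for (pick Net12 when the AAA client's NAS address is in network 12, Net13 when it is in network 13, and never fall through to the first pool), written out in Python as an added illustration; this is not code from the thread or from Cisco ACS, and the 10.0.12.0/24 and 10.0.13.0/24 ranges with two-address pools are constructed placeholders, since the thread elides the real networks.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

@dataclass
class Pool:
    """One address pool tied to the AAA-client (NAS) network it serves."""
    name: str
    nas_network: ipaddress.IPv4Network
    first: ipaddress.IPv4Address
    last: ipaddress.IPv4Address
    leased: set = field(default_factory=set)

    def next_free(self) -> Optional[ipaddress.IPv4Address]:
        addr = self.first
        while addr <= self.last:
            if addr not in self.leased:
                return addr
            addr += 1  # IPv4Address supports integer arithmetic
        return None

class NasAwareAllocator:
    """Chooses the pool by the NAS source address, not by pool order."""

    def __init__(self, pools: List[Pool]) -> None:
        self.pools = pools

    def select_pool(self, nas_ip: str) -> Optional[Pool]:
        nas = ipaddress.ip_address(nas_ip)
        return next((p for p in self.pools if nas in p.nas_network), None)

    def allocate(self, nas_ip: str) -> Optional[Tuple[str, str]]:
        # A NAS outside every pool's network, or an exhausted pool, yields
        # None (reject the session) rather than an address on the wrong network.
        pool = self.select_pool(nas_ip)
        addr = pool.next_free() if pool else None
        if addr is None:
            return None
        pool.leased.add(addr)
        return pool.name, str(addr)

def build_pools() -> List[Pool]:
    # Constructed placeholder ranges; the thread does not give the real ones.
    return [
        Pool("Net12", ipaddress.ip_network("10.0.12.0/24"),
             ipaddress.ip_address("10.0.12.100"), ipaddress.ip_address("10.0.12.101")),
        Pool("Net13", ipaddress.ip_network("10.0.13.0/24"),
             ipaddress.ip_address("10.0.13.100"), ipaddress.ip_address("10.0.13.101")),
    ]
```

Keying the pool on the NAS address also means a request from an AAA client outside both networks is refused rather than silently handed an address from the first pool.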
