We are trying to implement, for our customer, a NAC appliance integrated with Active Directory single sign-on.
The NAC is configured with L2 OOB. The user first connects to the switch and gets the authentication VLAN, then the user is authenticated using their domain account login; if successful, the user is mapped to the VLAN assigned to them.
The SSO agent installed on Active Directory is running well, and on the CAS the SSO service has also started.
Let's say I have this situation:
1. User A has been assigned to VLAN 15 Employee
2. User A plugs into the switch, gets a dummy VLAN, and authenticates using the domain account on AD. If that succeeds, the port is bounced; the user is running a Cisco agent in the background
3. Now user A has their own VLAN ID 15
I've created the authentication server on the CAM for Active Directory, but I find it very difficult to configure mapping rules between user roles and Active Directory. The guidance PDF on how to implement NAC, which I downloaded from Cisco, does not mention how to map user roles to Active Directory...
Has anyone configured mapping rules from user roles to Active Directory?