My name is Ceriel Roland and I have a small problem:
We are using Cisco 3560 Switches with 12.2(44)SE2 IOS.
These switches are dot1x enabled with the ACS server.
Computers are authenticated trough certificates and it all works fine.
We also want to enable login with ACS server, but we dont want all users to have access.
Only the group AD_Admins needs to have access.
I created the group and added users.
On the switch I entered the command:
aaa authentication login AD_Admins local group radius
But the users cant login to the switch.
If i change the command to:
aaa authentication login default local group radius
Then users can login, but ALL users can login and i only want AD_Admins to be able to login.
How can i set this up for it to work?