different routers authentication via MS-IAS


I have 1 IAS RADIUS server that authenticates different Cisco devices on my network, which different groups should get access to.

The first group is VPN clients connecting to my ASA5505 -> only the VPNusers group should get access here.

The other groups are admins from different domains -> only members of the DomainAdmin2Cisco group should get access here.

I'll also need a 3rd group for non-admin level 1 priv access.

On IAS I've created 2 clients (ASA & switch) and 2 remote access rules - one per Windows group.

Both groups get access to both clients.

I've tried most of the attributes on the IAS side but they don't seem to matter.

How do I differentiate (even on a MAC-address level) between the RADIUS clients?


Well, the doc didn't help but it did prompt me with an idea that solved it!

Under policy conditions, all documentation uses Windows-Groups.

I added a second condition: Client-Friendly-Name, where I type the router\switch host name.

It's working great, with the one exception (I must complain about something, right?!) - I can't use a policy for more than 1 router (so I'll have to create a policy for each new router\switch I want to authenticate).
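
The behaviour described in this thread, as an added Python model (not code from the thread, from IAS or from Cisco): policies are tried in order, every condition in a policy must match, and a request that matches no policy is rejected. Group names come from the post; the host names, the Level1Users group, the priv-lvl=15 value and the treatment of Client-Friendly-Name as a pattern are assumptions of this model.

```python
import re

# Constructed policy list modelled on the thread: conditions within a policy
# are ANDed, policies are tried in order, first match decides, no match = deny.
# Group names come from the post; host names and the Level1Users group are
# hypothetical. Treating Client-Friendly-Name as a pattern is an assumption.
POLICIES = [
    {"name": "vpn", "groups": {"VPNusers"}, "client": r"asa5505",
     "attrs": {}},
    {"name": "switch-admin", "groups": {"DomainAdmin2Cisco"}, "client": r"sw-.*",
     "attrs": {"Cisco-AVPair": "shell:priv-lvl=15"}},
    {"name": "switch-level1", "groups": {"Level1Users"}, "client": r"sw-.*",
     "attrs": {"Cisco-AVPair": "shell:priv-lvl=1"}},
]

def evaluate(policies, user_groups, client_friendly_name):
    """Return (decision, policy name, reply attributes) for one Access-Request."""
    for p in policies:
        in_group = bool(p["groups"] & set(user_groups))
        # A policy with no "client" key behaves like the original setup:
        # Windows-Groups is the only condition, so any RADIUS client matches.
        pattern = p.get("client")
        client_ok = pattern is None or re.fullmatch(pattern, client_friendly_name, re.I)
        if in_group and client_ok:
            return ("accept", p["name"], p["attrs"])
    return ("reject", None, {})

def without_client_condition(policies):
    """The 'before' state: same policies with only the Windows-Groups condition."""
    return [{k: v for k, v in p.items() if k != "client"} for p in policies]

if __name__ == "__main__":
    before = without_client_condition(POLICIES)
    for groups, client in [(["VPNusers"], "sw-core1"),
                           (["DomainAdmin2Cisco"], "asa5505"),
                           (["DomainAdmin2Cisco"], "sw-core1"),
                           (["Level1Users"], "sw-access2")]:
        print(groups, client, "before:", evaluate(before, groups, client)[0],
              "after:", evaluate(POLICIES, groups, client)[0])
```

The first two rows show the gap from the question (accepted before, rejected after); the last two show the intended access still working.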

