how does NAP get applied to groups ?

Unanswered Question
Jul 27th, 2009
User Badges:

I defined two NAPs, one is Windows_PC, and one is IP_phone. How does ACS decide which NAP to apply when a PC or IP phone tries to connect?

Windows_PC NAP defined with PEAP EAP-MSCHAPv2 and AD database. While IP_phone defined EAP-MD5 and ACS internal database.

If I put IP_phone NAP in front, my phone can authenticate without issue, however my PC got Authen Failed because it was authenticated by IP_phone NAP, and EAP_PEAP was not configured.

If I move Windows_PC up, my phone won't be able to authenticate, because it got Authen Failed by Windows_PC NAP.

How can I fix it? Is there a way to define which NAP applies to which group or users?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Ivan Martinon Tue, 07/28/2009 - 13:20
User Badges:
  • Cisco Employee,

on ACS 4.x NAP is chosen based on the radius attributes that you define for each Profile, for example, for one nap you can define an ip address on the caller-id for each PC or phone or another specific radius attribute that will differentiate one request over the other.


This Discussion