how does NAP get applied to groups ?

Unanswered Question
Jul 27th, 2009

I defined two NAPs, one is Windows_PC, and one is IP_phone. How does ACS decide which NAP to apply when a PC or IP phone tries to connect?

Windows_PC NAP defined with PEAP EAP-MSCHAPv2 and AD database. While IP_phone defined EAP-MD5 and ACS internal database.

If I put IP_phone NAP in front, my phone can authenticate without issue, however my PC got Authen Failed because it was authenticated by IP_phone NAP, and EAP_PEAP was not configured.

If I move Windows_PC up, my phone won't be able to authenticate, because it got Authen Failed by Windows_PC NAP.

How can I fix it? Is there a way to define which NAP applies to which group or users?


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Ivan Martinon Tue, 07/28/2009 - 13:20

on ACS 4.x NAP is chosen based on the radius attributes that you define for each Profile, for example, for one nap you can define an ip address on the caller-id for each PC or phone or another specific radius attribute that will differentiate one request over the other.


This Discussion