We are using ACS 4.2 to authenticate network admins to access switches and routers. ACS is integrated with Windows Active Directory.
So we map AD groups to ACS groups, and we specify access restrictions in the ACS groups.
Now we want to use this ACS to authenticate wireless users. Wireless users will use their AD accounts.
So I think we should create a new internal group in ACS and map AD mobile users to this group. Using RADIUS attributes, we can put these users in one particular VLAN.
However, what if a network administrator accesses the wireless network? He will use the AD account that belongs to both groups: the network-admin group and the wireless group.
So what will ACS do in this case? Will it be mapped to the first group or the second, or maybe both?!!!