ACS/AD/Wireless

ohassairi
Level 5

Hello,

We are using ACS 4.2 to authenticate network admins to access switches and routers. ACS is integrated with Windows Active Directory.

So we map AD groups to ACS groups and we specify access restrictions in ACS groups.

Now we want to use this ACS to authenticate wireless users. Wireless users will use their AD accounts.

So I think we should create a new internal group in ACS and map AD mobile users to this group. Using RADIUS attributes we can put these users in one particular VLAN.

However, what if a network administrator accesses the wireless network? He will use the AD account that belongs to both groups: the network-admin group and the wireless group.

So what will ACS do in this case? Will it be mapped to the first group or the second, or maybe both?

1 Reply

Rodrigo Gurriti
Level 3

It's all about the groups and the maps.

You can create groups that will be used to authenticate and authorize the Admins to your devices.

Create a new group with a new map to a different group.

Let's say that you have 2 groups:

Router-Switches - authenticates and gives the authorization, like commands allowed, etc.

WIFI - authenticates and authorizes; it can put them on their VLANs, etc.

You can do the following map:

router-switch --> ADMINISTRATORS (AD)

WIFI --> USERS - ADMINISTRATORS (AD)

Also take a look at these docs:

http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a00807917aa.shtml

http://www.ciscosystems.lt/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00801df0e4.shtml

I hope it helps.
