I'm using ACS 4.2 and I can't find a way to bind an incoming NAS port to a specific IP Pool:
When a user connects, the request to auth comes from 2 possible NAS ports randomly (this cannot change).
Which NAS makes the request determines the IP range required, so I need 2 IP Pools.
There is no way to say 'if request comes from NAS1 give IP from Pool1 and if request comes from NAS2 give IP from Pool2'.
I have gone around and around with NAFs and NARs, but cannot do this.
I can create 2 ACS groups with the specific NAS and specific IP pool within, but then I cannot have a single username bound to both groups.
I moved the auth to an AD group in the hope that I could bind that single AD group to the 2 ACS groups, and so have a single username, but no joy.
Has anybody come across the problem before? Is there simply no way to do it (surely not)?
To illustrate the problem better:
NAS_port1 - 10.1.1.1 uses only IP_pool1 - 10.10.10.0
NAS_port2 - 10.2.2.2 uses only IP_pool2 - 10.20.20.0
Single Group1 (User1 cannot be in more than one group)
User 1 turns on device and connects to either NAS_port1 or NAS_port2 randomly
NAS_port1 makes the call to the ACS (on this occasion, it could have been #2)
User 1 is seen within Group1 and permitted.
Group1 has both IP_pools available.
Which IP address does User1 get? Always the first pool until it is exhausted, regardless of NAS port making the request.
If NAS_port2 makes the request but gets an IP from IP_pool1, then User1 will have the wrong IP address and so connectivity will not work.