ACS 4.2 Group Mapping & Restriction

Unanswered Question
Aug 18th, 2010

I am trying to set up group mapping on ACS 4.2/Windows for group mapping as shown below.

ACS--->Ext db--->Group mapping--->windows--->choose domain---> add mapping----> choose NT group and pick one acs group-->submit.

Wireless LAN users --> members of "WLAN group" in Active Directory --> Mapped to "Group 05" in ACS
Network Administrators --> members of "Network" group in Active Directory --> Mapped to "Group 10" in ACS
Remote Access VPN users--> No mapping defined.

Now how should I proceed further? I want only the members of Network Admin to manage the network devices and similarly only the members of WLAN can use wireless LAN. Where can I specify this restriction?

Javier Henderson Thu, 08/19/2010 - 12:48
User Badges: Cisco Employee

You would use Network Access Profiles for this, with the caveat that NAPs are only supported for RADIUS authentications.

avilt Thu, 08/19/2010 - 18:07

I am using TACACS with routers and RADIUS with WLAN. So this will not serve my purpose.

avilt Wed, 08/25/2010 - 22:50

This can be achieved with NAR. However, I was facing some issues as I was using Active Directory on Windows 2008 R2, which has some compatibility issues, and this is fixed by applying a patch on ACS.

