Cisco Support Community
Community Member

ACS 3.1 group problem

I created two groups on ACS 3.1. One is for wireless users, another group is used for VPN clients. I found that when I try to use the VPN service, I can also log in with a user ID that belongs to the wireless group, and vice versa.

How can I isolate the user IDs of the two groups?

2 REPLIES
Silver

Re: ACS 3.1 group problem

Hi,

NAS (Network Access Restriction) Filter is the only option here. All you need to do is, in your VPN group, just allow the AAA client for the VPN device and deny the rest of the NASes. Then in the Wireless group, just allow the Wireless device as AAA client and deny the rest. Here are the links that will help you understand and configure NAR.

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a00800d9e6b.html#623269

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a0080102176.html

Thanks,

Mynul

Community Member

Re: ACS 3.1 group problem

Hi,

I am using ACS 3.2 with Win2K AD and group mappings to four AD user groups.

I tried the NAR feature but it does not seem to do any sort of filtering. I can still authenticate with users from other mapped groups to all the AAA clients even though the group NAR specifically permits only certain AAA clients and denies all others.

Any suggestions?

Regards

Biju
