Cisco Support
English
Feedback Help
Cisco Support Community
Register
cancel
turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
flyan
flyan
Community Member
‎05-28-2003 10:20 PM
‎05-28-2003 10:20 PM

ACS 3.1 group problem

I created two groups on ACS 3.1. One is for wireless user ,another group is used for VPN client. I found that when I try to use VPN servece,I can also login with user ID belongs to wireless group and vice versa.

How can I isolate the user id of two groups ?

0 Helpful
Reply
2 REPLIES
mhoda
mhoda Silver
Silver
‎05-29-2003 07:04 AM
‎05-29-2003 07:04 AM

Re: ACS 3.1 group problem

Hi,

NAS (Network Access Restriction) Filter is the only options here. All you need to do is in your VPN group, just allow the AAA client for VPN device and deny rest of the NASes. Then in Wireless group, just allow the Wireless device as AAA client and deny the rest. Here are the links that will help you understanding and configuring NAR.

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a00800d9e6b.html#623269

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a0080102176.html

Thanks,

Mynul

0 Helpful
Reply
bhameed
bhameed
Community Member
‎01-10-2004 11:38 PM
‎01-10-2004 11:38 PM

Re: ACS 3.1 group problem

Hi,

I am using ACS 3.2 with Win2K AD and group mappings to four AD user groups.

I had tried NAR feature but it does not seem to do any sort of filtering. I can still authenticate with users from other mapped groups to all the AAA clients even though the group NAR specifically permits only certain AAA clients and denies all other.

Any suggestions?

Regards

Biju

0 Helpful
Reply
Latest Documents
Snort IPS on ISR, ISRv and CSR - Step-By-Step Configuration
Created by Kureli Sankar on 04-19-2018 11:25 AM
0
0
0
0
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin... view more
Upgrade Chassis Manager (FXOS)
Created by Jeet Kumar on 02-23-2018 02:51 AM
2
15
2
15
    Login to the FXOS chassis manager. Direct your browser to https://hostname/, and log-in using the user-name and password.     Go to Help > About and check the current version:    Check the current version availa... view more
ASA 5506-X with ipv6 no access to internet
Created by Klaxel on 02-08-2018 01:25 AM
3
5
3
5
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6. In Syslog I also se... view more
All Documents
152
Views
0
Helpful
2
Replies
CreatePlease to create content
Discussion
Blog
Document
Video
Popular Blogs
AnyConnect Certificate Based Authentication.
Created by Marvin Ruiz on 08-27-2012 05:20 PM
36
70
36
70
BLOG (No Title)
Created by athukral on 06-14-2011 04:23 AM
15
35
15
35
Wireless Hacking
Created by Anim Saxena on 01-24-2013 07:56 AM
2
20
2
20
All Blogs