Cisco Support Community

ACS 4.1 with Network Access Profiles

I've just upgraded to ACS 4.1 and am using a Network Access Profile (NAP) to ensure wireless users are authenticated against a Windows AD only (we had issues with overlapping user names for token-based access to other systems). I've had to add the internal database to the sequence of databases searched for this NAP to permit statically configured infrastructure AP credentials (in the ACS internal database) to be used to allow APs to authenticate to a WLSM.

All of this works, but I'm struggling to understand some entries in the user list (see attached JPEG) which shows the internal user, and an uneditable copy of that user which appears to have been used by the NAP. It just looked odd the first time I saw it, and I can't find any documentation which explains the interpretation of the Network Access Profile field in the user list.


Re: ACS 4.1 with Network Access Profiles


It's purely down to how NAP was implemented. In ACS v3.x a user could only be in one group at a time (even with dynamic mapping) and have one password type (either set by ACS admin or the first time an unknown user was authenticated).

With NAP in 4.x they got around this by creating multiple database entries for each user - one for each NAP.

It's perhaps a bit kludgy and the net result is that you might see the same users listed multiple times.