Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACS 4.2 authentication using multiple external databases

Hi there.

We currently use ACS 4.2 for authentication of corporate users who are accessing the network in 2 different ways:

1) VPN client (via ASA5510)

2) Wireless (EAP-PEAP)

For all users who currently access the network via either of the above 2 methods, the Password Authentication under User Account settings in ACS is set to query an RSA SecurID Token Server.

We would like to try achieve the following in ACS:

  • IF an access request comes from the ASA (VPN clients), THEN we would like the user's password authentication to be handled by the RSA SecurID Token Server as it currently is.

  • IF an access request comes from the Wireless LAN controllers THEN we would like to use EAP-TLS authentication. (We are aware that we would obviously need to configure the WLC, clients, PKI infrastructure etc accordingly for eap-tls).

Does anyone have any best practice guidance, configuration guides or previous experience in differentiating the request sources and how they are handled by ACS?

Many thanks


ACS 4.2 authentication using multiple external databases

Hello Malcom,

If you have ACS 4.2 you might want to implement Network Access Profiles:


This should be the best approach for you if using ACS 4.x.

If this was helpful please rate.


CreatePlease to create content