Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACS 4.2 Group Mapping & Restriction

I am trying to setup group mapping on ACS 4.2/Windows for group mapping as shown below.

ACS--->Ext db--->Group mapping--->windows--->choose domain---> add mapping----> choose NT group and pick one acs group-->submit.

Wireless LAN users --> members of "WLAN group" in Active Driectory --> Mapped to "Group 05" in ACS
Network Administrators --> memmbers of "Network" group in Active Driectory --> Mapped to "Group 10" in ACS
Remote Access VPN users--> No mapping defined.

Now how should I proceed further? I want only the members of Network Admin to manage the network devices and similarly only the members of WLAN can use wireless LAN. Where can I specify this restriction?

3 REPLIES
Cisco Employee

Re: ACS 4.2 Group Mapping & Restriction

You would use Network Access Profiles for this, with the caveat that NAP's are only supported for RADIUS authentications.

New Member

Re: ACS 4.2 Group Mapping & Restriction

I am using TACACS with routers and Radius with WLAN. So this will not serve my purpose.

New Member

Re: ACS 4.2 Group Mapping & Restriction

This can be achieved with NAR. However I was facing some issues as I was using active directory on Widows 2008 R2 which has some compatability issues and this is fixed by applying patch on ACS.

301
Views
0
Helpful
3
Replies