Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

ACS Forwarding Authentication

Hi all,

I've read the cisco ACS functionality called 'Unknown User Policy': if a user is not present in the local database the acs can forward the authentication request towards an other External Database.

My quesion is: can I use an other Cisco ACS as external databse? I mean i'd like to forward my authentication request to an other ACS?

Many thanks in advance for your support



Re: ACS Forwarding Authentication

You can map an external database to a Cisco Secure ACS group. Unknown users who authenticate using the specified database automatically belong to, and inherit the authorizations of, the group. For example, you could configure Cisco Secure ACS so that all unknown users who authenticate with a certain token server database belong to a group called Telecommuters. You could then assign a group setup that is appropriate for users who are working away from home, such as MaxSessions=1. Or you could configure restricted hours for other groups, but give unrestricted access to Telecommuters group members.

CreatePlease to create content