cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
447
Views
0
Helpful
2
Replies

ACS IP Pools

rschwendeman
Level 1
Level 1

What I am trying to configure is a way to have 4 groups that get assigned different IP addressing when they authenicate against windows domain. Should this be done with the domain group mappings configuration, where I have a domain group, tie this to a ACS group, which then is tied to a IP Pool.

2 Replies 2

pradeepde
Level 5
Level 5

It is currently not possible to make use of any AD attributes from the authentication response and associate to groups dynamically to categorize users and assign ip addresses based on the groups.Alternately When ACS passes the authentication request, it is passed to AD and AD responds. When AD responds, the user information is cashed in ACS. And on ACS, based on the userid, a specific IP address can be assigned to distinguish different users and there by enabling network access controls on firewalls or routers for those IP addresses (in turn users).Advantage of this method is that there is no need to change the user profile information on clients. But the downside is that, whenever a user is added, ACS needs to be manually configured with an IP address for each user and also the user has to try first time login before the user is cashed and be configured with an IP address.

jasjsingh
Level 1
Level 1
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: