What I am trying to configure is a way to have 4 groups that get assigned different IP addressing when they authenicate against windows domain. Should this be done with the domain group mappings configuration, where I have a domain group, tie this to a ACS group, which then is tied to a IP Pool.
It is currently not possible to make use of any AD attributes from the authentication response and associate to groups dynamically to categorize users and assign ip addresses based on the groups.Alternately When ACS passes the authentication request, it is passed to AD and AD responds. When AD responds, the user information is cashed in ACS. And on ACS, based on the userid, a specific IP address can be assigned to distinguish different users and there by enabling network access controls on firewalls or routers for those IP addresses (in turn users).Advantage of this method is that there is no need to change the user profile information on clients. But the downside is that, whenever a user is added, ACS needs to be manually configured with an IP address for each user and also the user has to try first time login before the user is cashed and be configured with an IP address.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :