Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

ACS IP Pools

What I am trying to configure is a way to have 4 groups that get assigned different IP addressing when they authenicate against windows domain. Should this be done with the domain group mappings configuration, where I have a domain group, tie this to a ACS group, which then is tied to a IP Pool.


Re: ACS IP Pools

It is currently not possible to make use of any AD attributes from the authentication response and associate to groups dynamically to categorize users and assign ip addresses based on the groups.Alternately When ACS passes the authentication request, it is passed to AD and AD responds. When AD responds, the user information is cashed in ACS. And on ACS, based on the userid, a specific IP address can be assigned to distinguish different users and there by enabling network access controls on firewalls or routers for those IP addresses (in turn users).Advantage of this method is that there is no need to change the user profile information on clients. But the downside is that, whenever a user is added, ACS needs to be manually configured with an IP address for each user and also the user has to try first time login before the user is cashed and be configured with an IP address.

New Member

Re: ACS IP Pools

CreatePlease to create content