Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

different routers authentication via MS-IAS

I have 1 IAS RADIUS server that authenticate different Cisco devices on my network which different groups should get access to.

the first group is VPN clients connecting to my ASA5505 -> only VPNusers group should get access here

the other groups are admins from different domains -> only members of the DomainAdmin2Cisco group should access here

I'll also need a 3rd group for non admin level 1 priv access

on ISA I've created 2 clients (ASA & switch) and 2 remote access rules - one per windows group

both group get access to both clients

I've tried most of the attributes on IAS side but they don't seem to matter

how do I differentiate (even on a mac-address level) between the radius clients?


Re: different routers authentication via MS-IAS

Please check this doc and see if that helps.



Community Member

Re: different routers authentication via MS-IAS

well, the doc didn't help but it did prompt me with an idea that solved it!

under policy conditions all documentation use Windows-Groups

I added a second condition: Client-Friendly-Name where I type the router\switch host name

it's working great with the one exception (I must complain about something, right?!) - I can't use a policy for more then 1 router (so I'll have to create a policy for each new router\switch I want to authenticate)

CreatePlease to create content