Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Guest vlan

I am integrating ACS with windows ADS for dot1x authentication. I m sucesfully able to get the requirement. But I have only one ACS. If my acs fails all my users will not be able to login into the network. Is there a way I can make the user get only internet access when acs is down? If yes how can i achieve this.

2 REPLIES
Silver

Re: Guest vlan

This depends entirely on the authenticating devices and what backup facility they offer in case the AAA server goes down.

I suspect the only "catch all" solution would be a failover AAA server. You could perhaps enable IAS on your AD server and configure it for guest access. If ACS ever goes down IAS would take over.

Actually thats kind of neat as it gets around the failover ACS suffering a similar problem to the primary. IAS is essentially free as part of Windows server.

Darran

New Member

Re: Guest vlan

Darran,

When the ACS goes down all the user gets guest vlan which i haveconfigured. But they dont get any ip address as well they limited access. Is it a way where i can make them part of a vlan from where they can only access internet.

119
Views
0
Helpful
2
Replies
CreatePlease login to create content