Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Restricting Wireless Access using ACS 3.3

We are currently running ACS 3.3 and I am trying to figure out how to restrict Wireless access to specific user groups. Our current setting is using PEAP and ACS as the Radius. Our user database is mapped to Windows 2003 AD. I've got the PEAP working and the radius authentication is also working but I cannot seem to figure out how to restrict the wireless access to specific Windows/ACS groups.

Erik

3 REPLIES
New Member

Re: Restricting Wireless Access using ACS 3.3

In ACS 3.3 we dont have advanced feature like Network Access Profile.

We can do one thing. Isolate all the wireless users to a specific group in Active directory.

Map this AD group to specific ACS group. In this way we can restrict the wireless access to specific Windows/ACS groups.

Silver

Re: Restricting Wireless Access using ACS 3.3

This approach doesnt really scale. If I'd already mapped AD groups like

admins -> acs admins

sales -> acs sales

etc

I cant add a second level of mapping. All I can do is replace the above with

wired users -> acs wired

wireless users -> acs wireless

I wouldnt be able to have multiple wireless authorisations.

New Member

Re: Restricting Wireless Access using ACS 3.3

Hi,

On ACS 3.3.x You can certinly achive this, al you have to do is configure NAR( Network Access Restriction) Here is the link which should provide you further informatio on it.

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_white_paper09186a00801a8fd0.shtml

-Parm

125
Views
0
Helpful
3
Replies
CreatePlease login to create content