Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Separate Admins from "users" in ACS

I have two groups defined in my CiscoSecure ACS server. Network Admins are mapped to the Network Admins NT group with no NARs. Information Protection is mapped to the NT group Information Protection with limited access to a few network devices using NARs.

I?m testing PEAP authentication for wireless. I have setup the Unknown User Policy to check Windows database. I have mapped the default group to the NT group ?Wireless Computers? and ?Domain Users.? I see that both the computer name and Windows username are being put into the default group per the unknown user Policy when authentication takes place. My question is, how can I make sure the users in this default group have no access to the AAA clients I have defined? I have 1500 laptops and 2000 users for wireless. Is the unknown user policy the best way to populate the ACS in this scenario?

Thanks for the help,

Dave

1 REPLY
Bronze

Re: Separate Admins from "users" in ACS

238
Views
0
Helpful
1
Replies
CreatePlease login to create content