cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
449
Views
0
Helpful
1
Replies

Separate Admins from "users" in ACS

dwhisinnand
Level 1
Level 1

I have two groups defined in my CiscoSecure ACS server. Network Admins are mapped to the Network Admins NT group with no NARs. Information Protection is mapped to the NT group Information Protection with limited access to a few network devices using NARs.

I?m testing PEAP authentication for wireless. I have setup the Unknown User Policy to check Windows database. I have mapped the default group to the NT group ?Wireless Computers? and ?Domain Users.? I see that both the computer name and Windows username are being put into the default group per the unknown user Policy when authentication takes place. My question is, how can I make sure the users in this default group have no access to the AAA clients I have defined? I have 1500 laptops and 2000 users for wireless. Is the unknown user policy the best way to populate the ACS in this scenario?

Thanks for the help,

Dave

1 Reply 1
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: