I am not sure if I am taking the proper steps to this or not. Here is my scenario:
I have a device that can utilize any RADIUS. I am using Cisco ACS 3.3. Only particular devices on our network will be allowed to authenticate via RADIUS to this device. In a nutshell, if you are using MAC address 00101010906c, when you connect to our network, you will be directed straight through ACS and into the device. Can this be accomplished through NDG? Or do I need to do something different? I appreciate your help.
I need to add that when the end user wants to go to the web or to any other network device, he must be able to, but if he wants to go to the NDG device, he must be authenticated and on the access list. Please advise. And I hope this is going to the right group (AAA).
Is this an issue that is only with ACS 3.3? Can this be accomplished in 3.2? Can someone out there at least point me in a direction that I will be able to use? I have looked through some documentation and I am unclear on how to set up the NDG users. I am also wondering if this is the direction we need to take? Any ideas?
Sounds like you need to use Network Access Restrictions and not NDGs. NARs allow you to filter access based on the RADIUS attributes Calling-Station-Id and Called-Station-Id. Depending on your device these may or may not be populated with the client MAC address.
However, ACS doesn't really have any support for un-authenticated access, so you need to authenticate a userid BEFORE the NAR gets applied.
In both NAC and wireless MAC auth, the device sends a pre-configured username+password to get around this. ACS can then apply the NAR post authentication.
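The ordering described in the reply above (authenticate a userid first, then filter on Calling-Station-Id), modelled as an added example that is not part of the original thread and is not ACS code. The `macauth` credentials, the function names and the fail-closed handling of a missing or non-MAC Calling-Station-Id are assumptions of this sketch.

```python
import hmac
import re

# Constructed sample data: a shared credential pair (hypothetical values) and
# the permitted MAC quoted in the question.
USERS = {"macauth": "macauth-secret"}
PERMITTED_MACS = {"00101010906c"}

# Accept only real MAC layouts. Stripping separators first would turn the
# IP address 192.168.100.200 into twelve hex-looking digits.
_MAC = re.compile(
    r"[0-9a-f]{12}"
    r"|[0-9a-f]{2}(?:[-:][0-9a-f]{2}){5}"
    r"|[0-9a-f]{4}(?:\.[0-9a-f]{4}){2}",
    re.IGNORECASE,
)

def normalize_mac(value):
    """Return 12 lowercase hex digits, or None if value is not a MAC."""
    if not value or not _MAC.fullmatch(value.strip()):
        return None
    return re.sub(r"[-:.]", "", value.strip()).lower()

def decide(request):
    """Authenticate first, then restrict. Returns (decision, reason)."""
    expected = USERS.get(request.get("User-Name"))
    supplied = request.get("User-Password") or ""
    if expected is None or not hmac.compare_digest(expected, supplied):
        return ("Access-Reject", "authentication failed")
    mac = normalize_mac(request.get("Calling-Station-Id"))
    if mac is None:
        # Assumption of this model: fail closed when no MAC was sent.
        return ("Access-Reject", "Calling-Station-Id is not a MAC address")
    if mac not in PERMITTED_MACS:
        return ("Access-Reject", "MAC not permitted")
    return ("Access-Accept", "authenticated and MAC permitted")

if __name__ == "__main__":
    creds = {"User-Name": "macauth", "User-Password": "macauth-secret"}
    for station in ("00-10-10-10-90-6C", "0010.1010.906c",
                    "00:11:22:33:44:55", "192.168.100.200", None):
        print(station, decide({**creds, "Calling-Station-Id": station}))
```

Whether a given device sends the client MAC in Calling-Station-Id, and in which layout, has to be checked on the device itself, as the reply notes.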