I have devices connecting to a remote cell network that routes through to the local corporate network. At the remote end they either connect to network 192.168.12.0 or network 192.168.13.0; this is dynamic and cannot be fixed. They then route through a single router to a local router via a single point-to-point line. The local router then connects to a firewall.
The devices (or rather users) are authenticated at connection time using a local ACS Server (the corporate side of the firewall).
The problem I have is that if I create two pools, e.g. Net12 for 192.168.12.0 addresses and Net13 for 192.168.12.0, and apply these two pools to the group that all these remote users are defined under in ACS, they only ever get addresses from the first pool, i.e. Net12, 192.168.12.0.
The consequence is that when they connect via network 192.168.13.0 they are given addresses in network 192.168.12.0, as this is the first defined pool. Obviously they cannot communicate, as they now have the wrong addresses for the network they are on.
How can I get them assigned addresses in Net12 if they come from that network or Net13 if they come from that network? The ACS Server doesn't seem to follow the normal rules of supplying addresses based on where the source request is coming from.
No, it cannot be a single pool containing all addresses.
What is required is for the ACS Server to supply a Net12 address if the user is on Network 12, i.e. the NAS or AAA Client sending the authentication has a network 12 address, or for the ACS to supply a Net13 address if the user is on Network 13, i.e. the NAS or AAA Client sending the authentication has a network 13 address.
The ACS isn't doing this; it is supplying the first available address from the defined pools regardless of the network the client is on.
How do I make the ACS supply an address appropriate to where the client is?
Before anyone advises it, I can't use DHCP to issue the addresses, as the clients are on a third-party network that will not allow this. What I need is for the ACS to be intelligent and supply an address based on the client's source network.