I am using ACS 5.4 and am trying to use groups to distinguish between two different types of host in order to specify vlan allocation per group. e.g. I want a group for Laptops and a group for Printers. Neither will be passing 802.1x (although I know the laptop can) and so I want to be able to say that if a particular host is an a specific group then add it to the specific vlan. Each device is added on the ACS as a host using its MAC Address for identification.
So far I have created identity groups for Laptops and Printers and added the hosts in appropriately.
I have an authorisation profiles for laptops and a separate one for printers. Each one simply specifies the vlan required.
With access policies I have create an Access Service for laptops and another one for printers.
Under the service selection rules I have created a separate rule for each which match Protocol = Radius and match UseCase=Host Lookup and based on this the result points to the respective Service. However I think this is where my problem is. Both the laptop and printer use the same 2 sets of criteria and because the printers rule is higher then it's rule is taken, so my laptop ends up in the printers vlan.
Is there a way to configure the service selection so it can identify whether my device is either a laptop or printer and therefore make the correct decision on which service to select ?
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :