Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Group Lock issue, with RADIUS

I am trying to what seemes to be an simple issue, but !!!

group lock works with attribute 25, but if a user is sent for example to the default group on the ACS or any group where option 25 is not configured ( or configured to some value not avalable on the ASA ) the group lock policy is not enforced, I.E. the users gets in fine no matter what VPN group he is in

is that normal behavior ??

Cheers

Arni

1 REPLY
Silver

Re: Group Lock issue, with RADIUS

this is normal. it's the ASA does the group lock and not ACS. ACS just returns the group-name that the user should be in and the ASA does the checking!!.

ACS only checks the username/password, if they are valid it RETURNS (not check) the OU attribute.

Try this link:

http://www.cisco.com/warp/public/471/altigagroup.html

178
Views
0
Helpful
1
Replies
CreatePlease login to create content