OT: ACS Group/filtering Question

From: Ken Young (1000baset@gmail.com)
Date: Wed Jan 02 2008 - 14:12:10 ARST

• Next message: Scott Morris: "RE: Re¡G Port-security mac-address vs. mac-address sti"
• Previous message: Chan Hong: "Re¡G Port-security mac-address vs. mac-address s"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Happy New Year everyone!

I have an ACS question, I am relatively new with ACS and have a couple of
questions:

I am trying to configure a scenario such as this:

Group10  Can authenticate to Switch1 and Switch2

Group12  Can Authenticate to Switch1, 2, 3, 4

Group 14  Can Authenticate to all Wireless APs.  but not switches

I have the switches configured so they are authenticating to the ACS server
no problemlike wise for my Wireless clients.

The problem I am encountering is that it seems that if a user can
successfully authentication at all then can access all devices. I have
looked into NARs as I thought that would provide the function that I am
looking for but so far no luck.

The reverse seems very doableif a member of this group deny access. Buy
I can't seem to figure outIf a member of this group permit access. I am
sure I am missing something very simple.

• Next message: Scott Morris: "RE: Re¡G Port-security mac-address vs. mac-address sti"
• Previous message: Chan Hong: "Re¡G Port-security mac-address vs. mac-address s"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Feb 01 2008 - 10:37:57 ARST