Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Cisco ACS Help

Reply
Thread Tools

Cisco ACS Help

 
 
Robert B. Phillips, II
Guest
Posts: n/a
 
      06-16-2006
I am new to ACS so my apologies if this is a n00b question or in the
documentation, I have viewed the documented but I am not finding how
to accomplish what I am trying to accomplish.

I have setup Cisco ACS to authenticate to the external Windows
database (Active Directory). I have two domains, Domain A and Domain
B. I have domain mappings setup to point ACS to each of the domains
and the NT group within each domain with the user accounts I want to
authenticate. I want to have some of our network devices to
authenticate ONLY against Domain A and some of our network devices to
authenticate ONLY against Domain B. I am not certain how to "segment"
the network devices in ACS so that they only authenticate against the
chosen domain. Right now all devices authenticate against either
domain mapping. What is the best way of going about implementing this
"segmentation"?

We are on ACS version 4.0. The network devices right now are only
Lantronix SCS100 console servers attached to Cisco 1751-V routers. In
the future we will have other network devices authenticate here and
will have VPN connections terminated on our ASAs authenticate here as
well.

Thanks.
Robert Phillips, CCNA
 
Reply With Quote
 
 
 
 
NetKing
Guest
Posts: n/a
 
      06-17-2006
I don't think this can be done. You authenticate the users against a
database Windows/Ciscosecure to give access to devices. The devices
don't care where the user autheticates. You can create two groups of
users (one for each domaiin) and configure the devices to authenticathe
against those groups.

Rgds,

Robert B. Phillips, II wrote:
> I am new to ACS so my apologies if this is a n00b question or in the
> documentation, I have viewed the documented but I am not finding how
> to accomplish what I am trying to accomplish.
>
> I have setup Cisco ACS to authenticate to the external Windows
> database (Active Directory). I have two domains, Domain A and Domain
> B. I have domain mappings setup to point ACS to each of the domains
> and the NT group within each domain with the user accounts I want to
> authenticate. I want to have some of our network devices to
> authenticate ONLY against Domain A and some of our network devices to
> authenticate ONLY against Domain B. I am not certain how to "segment"
> the network devices in ACS so that they only authenticate against the
> chosen domain. Right now all devices authenticate against either
> domain mapping. What is the best way of going about implementing this
> "segmentation"?
>
> We are on ACS version 4.0. The network devices right now are only
> Lantronix SCS100 console servers attached to Cisco 1751-V routers. In
> the future we will have other network devices authenticate here and
> will have VPN connections terminated on our ASAs authenticate here as
> well.
>
> Thanks.
> Robert Phillips, CCNA


 
Reply With Quote
 
 
 
 
Robert B. Phillips, II
Guest
Posts: n/a
 
      06-19-2006
Is there a way I can allow a device authenticate only against a
specific group within ACS?

On 16 Jun 2006 17:11:48 -0700, "NetKing" <(E-Mail Removed)> wrote:

>I don't think this can be done. You authenticate the users against a
>database Windows/Ciscosecure to give access to devices. The devices
>don't care where the user autheticates. You can create two groups of
>users (one for each domaiin) and configure the devices to authenticathe
>against those groups.
>
>Rgds,
>
>Robert B. Phillips, II wrote:
>> I am new to ACS so my apologies if this is a n00b question or in the
>> documentation, I have viewed the documented but I am not finding how
>> to accomplish what I am trying to accomplish.
>>
>> I have setup Cisco ACS to authenticate to the external Windows
>> database (Active Directory). I have two domains, Domain A and Domain
>> B. I have domain mappings setup to point ACS to each of the domains
>> and the NT group within each domain with the user accounts I want to
>> authenticate. I want to have some of our network devices to
>> authenticate ONLY against Domain A and some of our network devices to
>> authenticate ONLY against Domain B. I am not certain how to "segment"
>> the network devices in ACS so that they only authenticate against the
>> chosen domain. Right now all devices authenticate against either
>> domain mapping. What is the best way of going about implementing this
>> "segmentation"?
>>
>> We are on ACS version 4.0. The network devices right now are only
>> Lantronix SCS100 console servers attached to Cisco 1751-V routers. In
>> the future we will have other network devices authenticate here and
>> will have VPN connections terminated on our ASAs authenticate here as
>> well.
>>
>> Thanks.
>> Robert Phillips, CCNA

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Cannot login from ACS Admin -Cisco ACS 3.1 Sakirana Karabudak Cisco 5 12-16-2009 04:49 PM
Re: Cisco ACS Help webnetwiz Cisco 3 06-20-2006 11:10 AM
Using Cisco ACS to authenticate against LDAP through SSL Silvio Arcangeli Cisco 0 10-20-2003 11:08 AM
Cisco Secure ACS v3.2.1 & Active Directory Thomas Kuborn Cisco 0 10-15-2003 07:52 AM
connect to cisco console from cyclades acs Shireen Cisco 0 09-10-2003 12:16 PM



Advertisments