Cisco ACS Help

Discussion in 'Cisco' started by Robert B. Phillips, II, Jun 16, 2006.

  1. I am new to ACS so my apologies if this is a n00b question or in the
    documentation, I have viewed the documented but I am not finding how
    to accomplish what I am trying to accomplish.

    I have setup Cisco ACS to authenticate to the external Windows
    database (Active Directory). I have two domains, Domain A and Domain
    B. I have domain mappings setup to point ACS to each of the domains
    and the NT group within each domain with the user accounts I want to
    authenticate. I want to have some of our network devices to
    authenticate ONLY against Domain A and some of our network devices to
    authenticate ONLY against Domain B. I am not certain how to "segment"
    the network devices in ACS so that they only authenticate against the
    chosen domain. Right now all devices authenticate against either
    domain mapping. What is the best way of going about implementing this
    "segmentation"?

    We are on ACS version 4.0. The network devices right now are only
    Lantronix SCS100 console servers attached to Cisco 1751-V routers. In
    the future we will have other network devices authenticate here and
    will have VPN connections terminated on our ASAs authenticate here as
    well.

    Thanks.
    Robert Phillips, CCNA
     
    Robert B. Phillips, II, Jun 16, 2006
    #1
    1. Advertising

  2. Robert B. Phillips, II

    NetKing Guest

    I don't think this can be done. You authenticate the users against a
    database Windows/Ciscosecure to give access to devices. The devices
    don't care where the user autheticates. You can create two groups of
    users (one for each domaiin) and configure the devices to authenticathe
    against those groups.

    Rgds,

    Robert B. Phillips, II wrote:
    > I am new to ACS so my apologies if this is a n00b question or in the
    > documentation, I have viewed the documented but I am not finding how
    > to accomplish what I am trying to accomplish.
    >
    > I have setup Cisco ACS to authenticate to the external Windows
    > database (Active Directory). I have two domains, Domain A and Domain
    > B. I have domain mappings setup to point ACS to each of the domains
    > and the NT group within each domain with the user accounts I want to
    > authenticate. I want to have some of our network devices to
    > authenticate ONLY against Domain A and some of our network devices to
    > authenticate ONLY against Domain B. I am not certain how to "segment"
    > the network devices in ACS so that they only authenticate against the
    > chosen domain. Right now all devices authenticate against either
    > domain mapping. What is the best way of going about implementing this
    > "segmentation"?
    >
    > We are on ACS version 4.0. The network devices right now are only
    > Lantronix SCS100 console servers attached to Cisco 1751-V routers. In
    > the future we will have other network devices authenticate here and
    > will have VPN connections terminated on our ASAs authenticate here as
    > well.
    >
    > Thanks.
    > Robert Phillips, CCNA
     
    NetKing, Jun 17, 2006
    #2
    1. Advertising

  3. Is there a way I can allow a device authenticate only against a
    specific group within ACS?

    On 16 Jun 2006 17:11:48 -0700, "NetKing" <> wrote:

    >I don't think this can be done. You authenticate the users against a
    >database Windows/Ciscosecure to give access to devices. The devices
    >don't care where the user autheticates. You can create two groups of
    >users (one for each domaiin) and configure the devices to authenticathe
    >against those groups.
    >
    >Rgds,
    >
    >Robert B. Phillips, II wrote:
    >> I am new to ACS so my apologies if this is a n00b question or in the
    >> documentation, I have viewed the documented but I am not finding how
    >> to accomplish what I am trying to accomplish.
    >>
    >> I have setup Cisco ACS to authenticate to the external Windows
    >> database (Active Directory). I have two domains, Domain A and Domain
    >> B. I have domain mappings setup to point ACS to each of the domains
    >> and the NT group within each domain with the user accounts I want to
    >> authenticate. I want to have some of our network devices to
    >> authenticate ONLY against Domain A and some of our network devices to
    >> authenticate ONLY against Domain B. I am not certain how to "segment"
    >> the network devices in ACS so that they only authenticate against the
    >> chosen domain. Right now all devices authenticate against either
    >> domain mapping. What is the best way of going about implementing this
    >> "segmentation"?
    >>
    >> We are on ACS version 4.0. The network devices right now are only
    >> Lantronix SCS100 console servers attached to Cisco 1751-V routers. In
    >> the future we will have other network devices authenticate here and
    >> will have VPN connections terminated on our ASAs authenticate here as
    >> well.
    >>
    >> Thanks.
    >> Robert Phillips, CCNA
     
    Robert B. Phillips, II, Jun 19, 2006
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Shireen
    Replies:
    0
    Views:
    2,366
    Shireen
    Sep 10, 2003
  2. Thomas Kuborn
    Replies:
    0
    Views:
    537
    Thomas Kuborn
    Oct 15, 2003
  3. Silvio Arcangeli
    Replies:
    0
    Views:
    2,459
    Silvio Arcangeli
    Oct 20, 2003
  4. webnetwiz

    Re: Cisco ACS Help

    webnetwiz, Jun 17, 2006, in forum: Cisco
    Replies:
    3
    Views:
    2,293
    Robert B. Phillips, II
    Jun 20, 2006
  5. Sakirana Karabudak

    Cannot login from ACS Admin -Cisco ACS 3.1

    Sakirana Karabudak, Dec 14, 2009, in forum: Cisco
    Replies:
    5
    Views:
    2,965
    Chino
    Dec 16, 2009
Loading...

Share This Page