Dan,

We look at the RADIUS packets and parse for the user name. We also have a condition set that looks for a specific IP Pool. These two conditions dictate the role that is applied. We utilize this to comply with NERC security standards.

CH

-----Original Message-----
From: Cisco Clean Access Users and Administrators [mailto:[email protected]] On Behalf Of Daniel Sichel
Sent: Tuesday, June 02, 2009 11:10 AM
To: [email protected]
Subject: VPN SSO and MAC Filters

I am just brainstorming here and have in no way thought this out or checked if it even works, but would it be possible to use the LDAP role assignment feature? It only works with one LDAP server so reliability might be an issue, but is there an LDAP attribute that would identify these particular logins? Could one be created?

Dan S.
