We have an idea user our Cisco ACS RADIUS server to take different actions based on userid and MAC. We want to first check the MAC address and VLAN steer matches to a quarantine network, and if no MAC match then allow access via userid/AD lookup. The userid/AD lookup stuff works to an AD store no problem, but I've found the MAC matching is impossible per TAC as only the userid field is checked by ACS. Has anyone come up with a similar simple approach to quarantine or way around this limitation of the Cisco ACS?
|Bruce Boardman, Network Engineer, Syracuse University - 315 889-1667 ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
