Hi Bruce,

On 01/05/2012 09:54 PM, Bruce Boardman wrote:
We have an idea to use our Cisco ACS RADIUS server to take different actions based on userid and MAC. We want to first check the MAC address and VLAN steer matches to a quarantine network, and if no MAC match then allow access via userid/AD lookup. The userid/AD lookup stuff works to an AD store no problem, but I've found the MAC matching is impossible per TAC as only the userid field is checked by ACS. Has anyone come up with a similar simple approach to quarantine or way around this limitation of the Cisco ACS?

No experience with ACS, but you could easily do this with other RADIUS servers; at least FreeRADIUS and OSC Radiator can work with complex authentication schemes and policies.

We're using Radiator with several account backends and VLAN override based on MAC address, works like a charm. Don't hesitate to contact me if you want to know the details.

Regards,
Jeroen van Ingen
ICT Service Centre
University of Twente, P.O.Box 217, 7500 AE Enschede, The Netherlands

**********
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
