Sighclops
How do I configure IAS to Authenticate a C2950 Switch
I currently have IAS installed on a Windows 2000 Server. I have 2 clients added which are ASA boxes used for VPN, and they are set up to authenticate with RADIUS if the user is in a certain Active Directory group. This works fine. Now I am looking at using the same IAS server to authenticate users logging in to manage our switches (Cisco 2950s). From what I can see in the IAS console I can add additional policies, but I don't see how to attach a policy to a client. I still want to leave the initial policy for my ASA clients (they must be in the VPN AD group), but for the switch client I want only users that are in a different AD group (they must be in the Switch AD group). It looks like if I add additional policies my ASA clients will check all policies. Can I use IAS for both my needs here?
ASKER CERTIFIED SOLUTION
ASKER
I have managed to get things working but not the way I would like. VPN enabled users can still connect and will be authenticated but they will not be authorized and receive an error.
I will mark this question as answered as the answer above does address the title of my question. Hopefully Windows 2003 will have more options as I may upgrade to this soon.
ASKER
The main question above, which I am still trying to figure out, is how to define a policy depending on the client. If I remove a user from my VPN AD group because I do not want them connecting via VPN, but they are in either of my Switch AD groups, they will be able to connect via VPN. No matter which client looks for authentication, it will go down the policies from top to bottom until it finds a match.
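The top-to-bottom, first-match behaviour described in the thread can be modelled in a few lines. This is an added example, not part of the original posts and not IAS code: it shows why group-only policies let a switch administrator through the VPN client, and how a per-client condition (the role played by the Client-Friendly-Name or NAS-IP-Address condition in an IAS remote access policy) closes that gap. The group names, client names and requests are constructed sample values.

```python
# Model of first-match remote access policy evaluation (illustrative only).
# All group names, client names and requests are constructed sample values.

def evaluate(policies, request):
    """Return the name of the first policy whose conditions all match,
    or None when no policy matches (the request is rejected)."""
    for policy in policies:
        if all(cond(request) for cond in policy["conditions"]):
            return policy["name"]
    return None

def in_group(group):
    # Stands in for a Windows-Groups condition.
    return lambda req: group in req["groups"]

def from_client(friendly_name):
    # Stands in for a Client-Friendly-Name (or NAS-IP-Address) condition.
    return lambda req: req["client"] == friendly_name

# Policies that test group membership only, as in the thread.
GROUP_ONLY = [
    {"name": "VPN access", "conditions": [in_group("VPN-Users")]},
    {"name": "Switch admin", "conditions": [in_group("Switch-Admins")]},
]

# The same policies, each also scoped to the RADIUS client it is meant for.
CLIENT_SCOPED = [
    {"name": "VPN access",
     "conditions": [from_client("ASA-1"), in_group("VPN-Users")]},
    {"name": "Switch admin",
     "conditions": [from_client("SW-2950"), in_group("Switch-Admins")]},
]

# A switch administrator who was removed from the VPN group.
vpn_attempt = {"client": "ASA-1", "groups": {"Switch-Admins"}}
switch_login = {"client": "SW-2950", "groups": {"Switch-Admins"}}

if __name__ == "__main__":
    # Group-only: the VPN request falls through to the switch policy.
    print("group-only, via ASA:      ", evaluate(GROUP_ONLY, vpn_attempt))
    # Client-scoped: no policy matches the VPN request, so it is rejected.
    print("client-scoped, via ASA:   ", evaluate(CLIENT_SCOPED, vpn_attempt))
    # The same user is still accepted when logging in to the switch.
    print("client-scoped, via switch:", evaluate(CLIENT_SCOPED, switch_login))
```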