Solved

How do I configure IAS to Authenticate a C2950 Switch

Posted on 2008-06-12
3
303 Views
Last Modified: 2008-06-26
I currently ave IAS installed on a Windows 2000 Server. I have 2 clients added which are ASA boxes used for VPN and they are setup to authenticate with Radius if the user is in a certain Active Directory Group. This works fine. Now I am looking at using the same IAS Server to authenticate users logging in to manage our switches (Cisco 2950s). From what I can see in the IAS console I can add additional policies but I don't see how to attach a policy to a client. I still want to leave the initial policy for my ASA clients (They must be in the VPN AD group) but for the Switch client I want only users that are in a different AD group (They must be in the Switch AD group) It looks like if I add additional policies my ASA clients will check all ploicies. Can I use IAS for both my needs here?
0
Comment
Question by:Sighclops
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 19

Accepted Solution

by:
Zaheer Iqbal earned 125 total points
ID: 21777754
0
 

Author Comment

by:Sighclops
ID: 21804856
This is a great article and I did find it on the web before. Follow it and i am up authenticating AD users for Switch management.

The main question above and which I am still trying to figure out is how to define a policy depending on the client. If I remove a user from my VPN AD group because I do not want them connecting via VPN but if they are in either of my Switch AD groups they will be able to connect via VPN. No matter which client looks for authentication it will go down the policies from top to bottom until it finds a match.
0
 

Author Comment

by:Sighclops
ID: 21877015
I have managed to get things working but not the way i would like. VPN enabled users can still connect and will be authenticated but they will not be authorized and receive an error.

I will mark this question as answered as the answer above does address the title of my question. Hopefully Windows 2003 will have more options as i may upgrade to this soon.
0

Featured Post

How our DevOps Teams Maximize Uptime

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us. Read the use case whitepaper.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco 8.4 Port Forward 4 58
How to limit traffic to Netscaler 10.5 VIP 3 171
Fiber optic multimode cable issue 6 76
creating SVI on layer 3 switch 1 74
When replacing some switches recently I started playing with the idea of having admins authenticate with their domain accounts instead of having local users on all switches all over the place. Since I allready had an w2k8R2 NPS running for my acc…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question