Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How do I configure IAS to Authenticate a C2950 Switch

Posted on 2008-06-12
3
Medium Priority
?
305 Views
Last Modified: 2008-06-26
I currently ave IAS installed on a Windows 2000 Server. I have 2 clients added which are ASA boxes used for VPN and they are setup to authenticate with Radius if the user is in a certain Active Directory Group. This works fine. Now I am looking at using the same IAS Server to authenticate users logging in to manage our switches (Cisco 2950s). From what I can see in the IAS console I can add additional policies but I don't see how to attach a policy to a client. I still want to leave the initial policy for my ASA clients (They must be in the VPN AD group) but for the Switch client I want only users that are in a different AD group (They must be in the Switch AD group) It looks like if I add additional policies my ASA clients will check all ploicies. Can I use IAS for both my needs here?
0
Comment
Question by:Sighclops
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 19

Accepted Solution

by:
Zaheer Iqbal earned 375 total points
ID: 21777754
0
 

Author Comment

by:Sighclops
ID: 21804856
This is a great article and I did find it on the web before. Follow it and i am up authenticating AD users for Switch management.

The main question above and which I am still trying to figure out is how to define a policy depending on the client. If I remove a user from my VPN AD group because I do not want them connecting via VPN but if they are in either of my Switch AD groups they will be able to connect via VPN. No matter which client looks for authentication it will go down the policies from top to bottom until it finds a match.
0
 

Author Comment

by:Sighclops
ID: 21877015
I have managed to get things working but not the way i would like. VPN enabled users can still connect and will be authenticated but they will not be authorized and receive an error.

I will mark this question as answered as the answer above does address the title of my question. Hopefully Windows 2003 will have more options as i may upgrade to this soon.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As dyndns has reduced the capabilities of the free service, I looked around for other free providers of Dynamic DNS service. After testing several I decided to move my DNS hosting to Hurricane Electric as then domains that require dynamic hostnam…
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question