I’m currently on a migration process from Microsoft NPS to Extreme Control.
We have a Cisco ASA as VPN-Gateway.
I will authenticate VPN-Users and Mgmt-Logins.
In the past we separate this with different “called-station-id” values.
Can I realize this with NAC? AFAIK I can’t check/match LDAP-Criteria (LDAP-User-Group) and Radius-Attribute (Radius-User-Group) at the same time.
Or Is there a way to realize this?
Best answer by Tomasz
Hi Mig, Peter,
just thinking loud, I suspect it would be possible to use User Group with LDAP/RADIUS lookups and End-System Group with LDAP lookups configured in a way that still a user is looked up…?
Hope that helps,