ACS- Dynamic VLANS for different ACS groups with AD

Hi all,
How do I tied diff Active Directory domain groups to diff ACS defined groups? Each domain group will be tied to an ACS defined group with a diff vlan. I read about the option in help but don't see the option to actually do it.
using ACS 3.3.
JT

You could refer to the document 'User Group Mapping and Specification' at http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs32/user02/qg.htm#.

Similar Messages

  • 802.1x dynamic vlan assignment using ACS 4.2

    Hi
    we have 10 switches 2960 configured with 802.1x authentication against ACS server 4.2.
    we have 2 vlans configured on the switches for administrator and endusers. the end user vlan id is 10 and the administartor vlan is is 100.
    we need to apply the following scenario, if the enduser PC - that is connected to vlan 10 - has an issue and the administrator will login to the PC with the administrator account to fix that issue, the switch should dynamically reconfigure the port with the administrator vlan ( 100 ) .
    is the above scenario doable using dot1x with the ACS server?
    waiting your replies
    Mohamed

    Hi,
    I have the following scenario
    2 bulidings with multiple floor
    Each floor should be in different VLAN.
    The network should be authenticated with 802.1x and each switch port should be assigned with dynamic VLAN from ACS.
    Each
    user should be able to connect and roam around between any building.
    when ever a user is connecting his laptop to any floor, he should be
    made part of that respective vlan. It is not requred to have the same
    IP rage to be allocated, but the dynamic VLAN should be based on the
    switch port location.
    Can
    I configure ACS in such a way that, the ACS will allocate dynamic VLAN
    for every 802.1x authentication  based on the Network Device Group.
    Please refer the attached diagram
    Hi,
    Check out the below link for your requirement for dynamic vlan assignement using ACS
    http://www.ciscosystems.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml
    Hope to Help !!
    Ganesh.H
    Remember to rate the helpful post

  • 802.1x Dynamic Vlan assignment using ACS

    Hi,
    I have the following scenario
    2 bulidings with multiple floor
    Each floor should be in different VLAN.
    The network should be authenticated with 802.1x and each switch port should be assigned with dynamic VLAN from ACS.
    Each user should be able to connect and roam around between any building. when ever a user is connecting his laptop to any floor, he should be made part of that respective vlan. It is not requred to have the same IP rage to be allocated, but the dynamic VLAN should be based on the switch port location.
    Can I configure ACS in such a way that, the ACS will allocate dynamic VLAN for every 802.1x authentication  based on the Network Device Group. Please refer the attached diagram

    Hi,
    I have the following scenario
    2 bulidings with multiple floor
    Each floor should be in different VLAN.
    The network should be authenticated with 802.1x and each switch port should be assigned with dynamic VLAN from ACS.
    Each
    user should be able to connect and roam around between any building.
    when ever a user is connecting his laptop to any floor, he should be
    made part of that respective vlan. It is not requred to have the same
    IP rage to be allocated, but the dynamic VLAN should be based on the
    switch port location.
    Can
    I configure ACS in such a way that, the ACS will allocate dynamic VLAN
    for every 802.1x authentication  based on the Network Device Group.
    Please refer the attached diagram
    Hi,
    Check out the below link for your requirement for dynamic vlan assignement using ACS
    http://www.ciscosystems.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml
    Hope to Help !!
    Ganesh.H
    Remember to rate the helpful post

  • How to call hr_location_api.create_location for different address style with only those fields that belongs specific to  that address style.

    How to call hr_location_api.create_location for different address style with only those fields that belongs specific to  that address style. It should decide at run time means at run time it will come to know the type of address style and based on that only the fields which belong to address details mapped to calling hr_location_api.create_location.
    Thanks in advance.

    You can create a wrapper package on top of the API (hr_location_api.create_location)
    In the wrapper package you set all the values dynamically based on your requirements(say the style and add_line columns are populated on your conditions) and then you call the API.
    Does that not work ?

  • How to set different default interactive reports for different user groups?

    I'm probably overlooking an obvious solution, but how do I set different default interactive report for different user groups?
    For the same interactive report, I want one set of users to see a default where the default filter is based on column X. However, another group of users doesn't have authorization to see that column so I need to set the default filter to something else for them.
    Thanks

    You can set a filter on a report in a URL - would that help? I think with apex 4.x you can also link to a saved default report or alternative report...

  • Access control for different user groups in APEX 4.0

    Hi guys,
    in Apex 4.0, is there any way to use the access control page to configure access control for different user groups?
    The access control page currently only has an access control list by users with 3 privileges namely, Administrator, Edit & View where Administrator has the highest access level & View the lowest. Therefore 1 user cannot have more than 1 different privilege, however if the user belongs to 2 or more different groups then we can control what access he can have in a more fine grained manner. We also want to have more than the 3 privileges given.
    Can we assign different groups to different users and let them have different privileges to be configured by page, region, process or item level?
    Now Apex will create 2 tables, Apex_Access_Control & Apex_Access_Setup to store the application access control mode & access control list. It will also create 3 authorization schemes "access control - administrator", "access control - edit" & "access control - view" based on the 2 tables.
    Does this mean we have to change the table structures & edit the authorization schemes to suit our usage? We are reluctant to do this because if we upgrade to a newer version of Apex then we would have to merge our pl/sql coding with Apex's updated code.
    How can we auto-configure more than the 3 authorization schemes in the access control page? Is there any way to achieve a finer grain of access control based on the current access control administration page given by Apex without writing it ourselves?
    We are afraid that we may have missed something on Apex access control & do not want to reinvent the wheel.

    Hi Errol,
    to build your own application authorization scheme around the security model supplied by Apex for administration of the Apex environment would be a bad idea.
    This was never intended for authorization scheme management in custom built Apex applications, it was solely intended to control access in the Apex environment overall. The API for it is not published, and making changes to it, such as adding more roles, would run the risk of breaking the overall Apex security model. It would not be supported by Oracle and Oracle would not guarantee the upwards compatibility of any changes you make in future versions of Apex.
    In short, you should follow Tyson's advice and build your own structure. As he indicated, there are plenty of examples around and provided your requirements are not too complicated, it will be relatively simple.
    Regards
    Andre

  • How to create a transaction code for a function group with screen 100 as st

    Hello ,
    I have requirement where I need to create a function group and create screen 100, 200, 300 and include the function in the screens.
    Customer asked me to create a transaction with the screen 100 as the starting screen.
    Can you please let me know how to create a transaction code for a function group with screen 100 as starting screen.
    [ It is not a module pool program ].
    Thanks
    Prashanth.
    Moderator message - Please ask a specific question and do not ask the forum to do your work for you - post locked
    Edited by: Rob Burbank on Jun 2, 2009 11:49 AM

    Go to transaction SE93, enter a transaction code that you want and click on "create". Enter a text and select the "Transaction with Parameters" button. In the Default Values section, enter START_REPORT in the transaction field. Check the "skip initial screen" box. In the Name of Screen field section enter the following lines:
    Name of screen field:                               Value
    D_SREPOVARI-REPORTTYPE                RW
    D_SREPOVARI-REPORT                        ZPCA
    Save and transport accordingly.

  • If there's not gonna be dynamic wallpaper for iPhone 4's with iOS 7, can there at least be a panoramic feature??!!

    If there's not gonna be dynamic wallpaper for iPhone 4's with iOS 7, can there at least be a panoramic feature??!!

    No. From the iOS 7 features page:
    Panorama format is available on iPhone 4S, iPhone 5, and iPod touch (5th generation). Square and video formats and swipe to capture are available on iPhone 4 or later, iPad (3rd generation or later), iPad mini, and iPod touch (5th generation).
    Sorry, but if you want those features, you'll need a newer iPhone.
    Regards.

  • How to Generate 997 for different trading partner with different Interchang

    How to Generate 997 for different trading partner with different InterchangIDS
    We are planning to use same working “ABC -> XYZ (Host)” 850 “ecs” file even for “EFG -> XYZ (Host)” 850 Transaction. And we have successfully implemented without any issues.
    We wanted to send 997 Acknowledgement in case of “EFG -> XYZ (Host)” 850 transaction.
    In this case also we would like to use same “ecs” file which has been used for “XYZ (Host) -> ABC”.
    After adding the 997 capabilities to Stanley I don’t see any extra capability added to “XYZ (Host)” trading partner.
    The generated 997 for Stanely EDI file doesn’t reflect the “XYZ (Host)” trading partner Interchange ID. It is getting reflected the previous 997 Transaction “XYZ (Host)” Intercahnge ID.
    We use following Interchange ID’s
    ABC = 005381447
    XYZ (Host) = 049894764
    EFZ = SWEOT30013
    XYZ (Host) = 5273851T
    The 997 which is generated has the InterchangeID as this “049894764” instead of “5273851T”
    Regards
    Ravi

    Hi Ravi,
    You have to have the two Delivery Channels under Host TP's communication capability. One host delivery channel should be used with one TP only and will have specific values to that TP.
    Go to the Exchange Protocol Parameters of Host TP (XYZ) delivery channel (which you are using in the agreement with EFZ) and provide the required values here. Revalidate and redeploy the agreements and run a test. Let us know if you still face issue.
    Regards,
    Anuj

  • How to set different urls for logoff button for different user groups

    HI All,
    We have two different set of users in our company .when one user group clicks on the logoff button in masthead we want to redirect them to for example www.google.com and for the other group we want to redirect to www.gmail.com.
    How can we acheive this particular requirement
    Thanks
    Bala Duvvuri

    hi bala,
    For the  two user groups maintain two different desktops, two/same themes and frame work.change the headeriview jsp in masthead par file to Google and save it as masthead1 and another one with gmail as masthead2 then create iviews with that par file and assign them to different groups and make invisible the default masthead iview.then the users get the logoff based on group you can get some wikis on changing log off or redirecting log off, check these threads
    Portal logoff : Redirection or Close the Entire Window
    Portal Logoff redirection URL
    Regards
    Mahesh

  • PO Group for different Purchasing Groups of SC Items

    Hi ,
    I want to create a single PO if 2 different PO Groups are available for items in SC.
    I could see that standard code is splitting PO for different vendors different Purchasing Groups contracts and soo on.
    is it possible to create a single PO for my case mentioned above.
    I am using BADI  BBP_BS_GROUP_BE for this but don't understand how to go about it.
    Please help with your useful suggestions.
    Thanks.

    Hi
    PO can be splitted based on Header Data
    Company Code
    Purchasing Organization,
    Purchase Group
    Vendor
    It also depends upon the backend customizing for assignmnet of plant to Purchasing Organization
    Thanks
    Trinath

  • Is it possible to have a different SLO for different support groups?

    Example:
    Service Desk receives an IR at 8AM and an SLO is applied to it with 4 hours to resolve at 12PM. An analyst assigns the IR to them and sets the first response. After 3 hours of troubleshooting they determine that it needs to be sent to another support group.
    The analyst clears their name from assigned to, and changes the support group. At this point the IR is calculated for the new support groups queue and a new SLO is applied extending the time for another 4 hours.
    I have it down that it does apply a new SLO, but it does not extend the time for the next tier. If there is 1 hour left on the old SLO, it just adds the new SLO but says the new target end date is 1PM instead of 4PM. Am I not setting it up correctly?
    I want the new SLO applied to the next support group to start at the time it was transferred to their group. 
    I have queues, metrics, calendars, and SLOs all setup for each support group.  

    Not sure that makes much sense, ITIL-wise. Then again, I am no ITIL-wizard. 
    Also you should consider the potential performance impact. Depending on the number of different support groups (I guess you also take priority into considertion?) and how many active incidents in the CMDB you could be facing trouble.
    Don't know about the technical implementation. Sounds about right though.
    Cheers,
    Anders Spælling
    Senior Consultant
    Blog:  
    Twitter:   LinkedIn:
    Please remember to 'Propose as answer' if you find a reply helpful

  • Release Strategy in PR not triggered for different Purchase Groups.

    Dear Experts,
    For Purchase Requistion - Header Level Release Strategy has been defined with Purchase Group as one of the Characteristics(Characteristic Values are V1, V2, V3).
    When PR is created for 30Line items with V1, V2 or V3 as Purchase groups independently- Release Strategy is triggered.
    But when  a combination of all 3 Purchase groups is used in the same PR for 30 Line items together. No Release Strategy is Triggered. All these 3 Purchase groups have been assigned for all strategies.
    Thanks & Regards
    Chandan H N

    You are using characteristic P. Group for different RS. That means that if only one value exists, the system will be able to understand which RS to implement. If you are using more than one values for this characteristic, the system simply does not know which RS to choose and takes nothing.
    More simply you are using a header data (p. Goup) for RS and you are using it in line items. This is wrong. You have to make PR's only for the respective P. Group

  • Dynamic VLAN for wireless

    Hi Team,
    I have a doubt .....
    In our office we have 4 access point .... and as wifi users increases we are planning to create 4 VLAN and each VLAN
    have one AP .. but the problem is When wifi users roam from one AP to another AP i,e from one vlan to another vlan they get disconnected.
    My question is .... if i deploy dynamic VLAN, will the client be able to get connected to the internet when roaming from one VLAN to another VLAN
    without any hiccups .... as this can be real issue when they are on call or transferring files
    Below is our current network topology:
    Router: LAN: 192.168.1.1 255.255.255.0
    DHCP Scope on Router:
    VLAN1 - 192.168.1.3 - 250 
    VLAN10 - 192.168.10.3 - 250
    VLAN20 -  192.168.20.3 - 250
    VLAN30 - 192.168.30.3 - 250
    VLAN40 - 192.168.40.3 - 250
    Switch SG300: L3 Mode
    VLAN1 - ip 192.168.1.254 (Default VLAN)
    VLAN10 - ip 192.168.10.254
    VLAN20 - 192.168.20.254
    VLAN30 - 192.168.30.254
    VLAN40 - 192.168.40.254
    AP1 = VLAN10, AP2 = VLAN20, AP3 = VLAN30, AP4 = VLAN40
    All local routing between the VLANs are taken care by the Switch
    and the router is routing the traffic for all VLANs when client wants to go to internet...
    Pliz help......

    Hi,
    can you please mention are using any controller for these ap's.
    If so they should not disconnect because all the traffic is handled by controller.
    let say you have client 1 on AP1 as below,
    client1- AP1---- AP2
    when it roam from AP1 to AP2 it should not disconnect. Due to mobility functionality client should not disconnect nor loss the traffic. Only controller get updated with AP binding table

  • Mass creation of common folders for different user groups

    Hello Experts,
    We are using Portal 7.0 SP12 and we have 10 different user groups created in Portal.
    Based on this group structure, we need to create two common folders in each of the user's personnel documents in KM.
    Is there is any way to achieve this kind of requirement ?
    Can we do mass creation of these two common folders which will be assigned to all of the groups. This needs to be done in user's personnel documents and not in Public documents.
    Any help in this context would be highly appreciated. points assured.
    Thanks in advance,
    Anil Kumar.

    For every user a folder is created in userhome. One approach is to capture this folder creation event and create the folder structure you need. You need to develop a portal service which will listen to events from userhome repository.
    1. Capture folder creation event for user home
    2. Create the folder structure you want in this event handler
    Check this documentation on how to do this.
    https://media.sdn.sap.com/html/submitted_docs/nw_kmc/howto/rf/client_api/rf_client_api.html
    Regards,
    Prasanna Krishnamurthy

Maybe you are looking for

  • Can songs be listed by file name?

    I burned the majority of my MP3's 7-10 years ago, and there is no info encoded in most of the files. I have alot of my music just showing up as track # with no other info. I am hoping there is a way to list songs in library by file name. I am concide

  • White screen/page shown after logon to Internet Sales

    Hi! We have installed Internet Sales R/3 Edition for B2B and have configured it with XCM according to the documents "CRM Web Application Installation Guide 4.0, SP0" and "Internet Sales R/3 Edition", the latter found on SAP Best Practices. Both Shopa

  • Out of memory error importing a JPA Entity in WebDynpro Project

    Hi All! We are having problems importing JPA entities in a WebDynPro project, this is our escenario. We have two entities, entity A that has a ManyToOne relationship with entity B and at the same time entity B has a OneToMany relationship with entity

  • Performance problem with SQL in NT vs. Solaris

    Hi, I am using the thin driver in classes12.zip. The 8.1.5 server runs on a solaris box. With the same code executing the same sql statement against the same database using the same version of JRE, Statement.execute() takes 5-10 times longer on a sol

  • XL reports Problem

    We have 2 companies with same XL reports live and test. All the XL reports were working fine. All of a sudden most of the reports in the live return no results. Some of them come up the error message as below. These reports has UDF An error occurred