ACS Server - Support for three separate company networks

I looking into purchasing a ACS 3.3 server to support 3 networks in my organization. Here are my requirements:
- One ACS server running TACACS and RADIUS supporting three networks
- each network has a common group of administrators that require various level of access
- some adminstrators require access to all three networks, some one, some two
How can I configure each group of users to only have access to their respective networks. What attributes do I use to destinguish the networks for each group of users.
I think ACS can do this from the reading I have done but need assurance.
Thanks

You could see the documenation for the configuation examples here : " target="_blank">www.cisco.com/techsupport/--------> guest---------> product support ----------> Security and Vpns -------------> search for ACS 3.3, check for release notes as well as for configuration examples. You can select view all documents.
Also, " target="_blank">www.cisco.com/techsupport-----> Select ACS from the drop down menu under Security.

Similar Messages

  • Support for LARGE Wi-Fi networks in 10.3.9

    I've noticed that there's been an update to improve support for Large Wi-Fi networks for 10.5.x. See the following update:
    http://www.apple.com/support/downloads/airportextremeupdate2008002.html
    I'm helping out at a private school that has 30+ iBook G4 running 10.3.9. Randomly the computers can't connect to the very Large Wi-Fi network (30+ routers). I see the following in the System.Log
    Sep 19 09:09:45 localhost kernel: AirPort: Link DOWN (AP disAssoc 0)
    Sep 19 09:09:45 localhost kernel: AirPort: Link Active: "MTZion" - 001de625a500 - chan 11
    Sep 19 09:11:55 localhost kernel: AirPort: Link DOWN (AP disAssoc 0)
    Sep 19 09:11:55 localhost kernel: AirPort: Link Active: "MTZion" - 001de625a500 - chan 11
    Sep 19 09:14:06 localhost kernel: AirPort: Link DOWN (AP disAssoc 0)
    Sep 19 09:14:06 localhost kernel: AirPort: Link Active: "MTZion" - 001de625a500 - chan 11
    Sep 19 09:16:16 localhost kernel: AirPort: Link DOWN (AP disAssoc 0)
    Sep 19 09:16:16 localhost kernel: AirPort: Link Active: "MTZion" - 001de625a500 - chan 11
    Sep 19 09:17:57 localhost kernel: AirPort: Link DOWN (Client disAssoc 0)
    Sep 19 09:18:43 localhost kernel: AirPort: Link Active: "MTZion" - 001de625a500 - chan 11
    I have a MacBook Pro running 10.4.11 and I've also seen this problem. There are several Windows XP systems that DO NOT experience this problem. After reading this update, it appears this is directly related. Does anyone know if there are plans to back port these updates to previous releases?
    It's getting fairly critical that we get this solves as having this many computers but no internet access makes them a lot less useful.
    I'm willing to collect any data required to assist in debug of this problem.
    Thanks.
    Brian

    My bad.. the link is actually posted at:
    http://www.apple.com/downloads/macosx/apple/application_updates/airportextremeup date2008004.html
    Thanks.

  • HT204368 I have a Tango TRX bluetooth speaker that is suddenly not able to connect to my New iPad. It worked fine for a few eeks and now I get the previously unseen "This device not supported by iPad" message. It was supported for three weeks. Thanks

    Most of the question is in the discussion header. I have a Tango TRX bluetooth speaker that worked fine for three weeks with my third generation iPad. I started having trouble connecting and recieved the "not supported by iPad" message. It connects just fine until I open any app that requires sound and at thet point I recieve the message and the device disconnects. The Tango still pairs flawlessly with my laptop which is not an Apple product. How could a product suddenly become unsupported? 

    The Apple Support Communities are an international user to user technical support forum. As a man from Mexico, Spanish is my native tongue. I do not speak English very well, however, I do write in English with the aid of the Mac OS X spelling and grammar checks. I also live in a culture perhaps very very different from your own. When offering advice in the ASC, my comments are not meant to be anything more than helpful and certainly not to be taken as insults.
    Try a reset. Press & hold the Power and Home buttons simultaneously, ignoring the red power off slider, until the Apple logo appears. Then release both buttons. This should not affect any content on the iPad, it is similar to rebooting your computer.

  • One Cisco prime deployment for three physically different Networks

    Can one Cisco prime deployment be used to manage three physically different Networks without creating a bridge between the networks. It is imperative that the networks remain separated but they will be managed by the same team so can you somehow use one Cisco Prime without the networks becoming connected 

    Hi,
    I believe you can manage any device, if it reachable (ICMP/SNMP) to Prime Infrastructure.
    Just make sure all the 3 different network reachable to PI, it's not required they're reachable among them. 
    PI itself do not do any bridging/routing between your 3 different network , therefore PI doesn't know if you can route between them or if they're separated.
    Since 3 different network are not reachable among themselves, use 3 different seed ip while discovering.
    Also, from management point of view, you can create virtual domain, group the devices network wise, & then while logging in PI, you'll the get feel if you're managing 3 different network by same PI.
    But since we know that PI, all the devices of 3 different network, it'll consume the CPU/RAM/Disc space accordingly. therefore need to pay attention for the resources of PI
    Using Virtual Domains to Control Access to Sites and Devices
    http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-0/administrator/guide/PIAdminBook/maint_user_access.html#pgfId-1056197
    - Ashok
    Please rate the post or mark as correct answer as it will help others looking for similar information

  • Microsoft Project Server Support for SQL Server 2014

    Does anyone know the timeline for Microsoft Project Server to support deployment on SQL Server 2014?   Also, has anyone tried this yet as an unsupported deployment, and if so, have they found any issues?

    "SQL Server 2014 is not yet supported for Project Server 2013", as per the article Hardware
    and software requirements for Project Server 2013: https://technet.microsoft.com/en-us/library/ee683978(v=office.15).aspx updated as on Dec
    09, 2014.
    Cheers! Happy troubleshooting !!! Dinesh S. Rai - MSFT Enterprise Project Management Please click Mark As Answer; if a post solves your problem or Vote As Helpful if a post has been useful to you. This can be beneficial to other community members reading
    the thread.

  • Server support for EJB

    Hello,
    I use iPlanet Web Server Enterprise Edition 4.1 Service Pack 11, for my JSP pages i wanna use EJB does this server support EJB.
    Thanx

    Hello,
    I use iPlanet Web Server Enterprise Edition 4.1
    Service Pack 11, for my JSP pages i wanna use EJB
    does this server support EJB.
    ThanxAFAIK, it doesn't... you could use a newer version.

  • Adding support for IP Telephony to network

    We are in the process of getting a new phone system. The new system is capable of supporting Voice over IP and the "phone" guys are saying they are going to test and move to IP phones. They have also talked of creating IP Trunks between various remote locations for phone service and/or voice mail support. Other than the phone systems we are a complete Cisco shop.
    My network consists of the following...
    4506 as my core with 3560s in each floor IDF as distribution
    2950s are connected to the 3560s to serve as access
    3750 stack supporting my server farm
    I run several VLANs and have been trying to figure out to fit the new PBX and VoIP into the infrastructure. I run the following VLANs ..
    One VLAN for each floor (VLAN2, VLAN3, VLAN10)
    One VLAN for the server farm (VLAN4)
    One VLAN for network device management (VLAN5)
    One VLAN for the IS department (VLAN6)
    One VLAN for our wireless network (VLAN7)
    I do not use VLAN 1 for anything
    I have been reading through topics and docs on-line looking for what needs to be changed network wise to support this. I know that I will need to create additional VLANs to support the voice traffic and will create one for each floor. It appears that I need to create trunks between the access switch and IP phone and including the data VLAN as well as a voice VLAN. The is where the questions start.
    1) What is the difference in the access VLAN and a voice VLAN? The samples I have seen use these instead of a restricted vlan to flow on the trunk.
    2) The devices in the PBX that need to be part of the "voice VLANs", do I define them as access VLANs or voice VLANs? This would include the "IPSI", "C-LAN" and "MEDPRO" cards in the PBX. Since this handles signaling and is needed by the VoIP calls I am figuring they will be in one of te voice VLANs.
    3) Do I need to do anything from a QOS standoint to keep things flowing smoothly through the switches?
    4) I have no clue about what is needed to support IP Trunking across my WAN.

    Brent, i have thousands of avaya ip phones on my cisco network, with no issues. a couple pointers.
    1) Aux/voice vlans work with avaya phones so u don't have to use setup explicit dot1q trunks.
    2) avaya phones now can use HTTP or HTTPS instead of an TFTP server for firmware image updates...i use IIS and apache in my enviorment for this. or you can use the avaya server perform this task, since it runs redhat enterprise linux.
    3)yes dhcp on a router works fine with option 176 setup as ascii example:
    ip dhcp pool local-dhcp-pool
    import all
    network 172.29.28.16 255.255.255.248
    default-router 172.29.28.17
    dns-server x.x.x.x x.x.x.x
    domain-name xxx.com
    netbios-name-server x.x.x.x
    netbios-node-type h-node
    option 176 ascii "MCIPADD=172.24.99.200,MCPORT=1719,HTTPSRVR=172.24.98.250"
    4) you might want to look at planning for "Network Regions".. in essece it the the logical group or mapping of ip address on the avaya system. Here'a a good document so you catch my drift:http://www.avaya.com/master-usa/en-us/resource/assets/applicationnotes/netw-region-tutorial.pdf
    5) all avaya ip endpoints can perform both layer2 (cos) and layer 3 qos tagging(diffserv).(and the phone can re-write l2q cos tags if required) this configuration is done on the avaya media server and is sent down to all ip devices once registered.Also ensure the data switch ports with avaya ip phones and gateways(clan/medpro modules) have qos trusting enabled...example :
    mls qos trust dscp (or)
    mls qos trust cos
    hope this helps!

  • InDesign CS3 Server - Support for Standard ECMA-357, ECMAScript for XML (E4X) Specification

    Does InDesign CS3 Server fully support the XML standards outlined by ECMA in 'Standard ECMA-357 ECMAScript for XML (E4X) Specification'?
    http://www.ecma-international.org/publications/standards/Ecma-357.htm

    Thanks Michael, for your prompt reply.
    I can see that some of the XML library/functions are available in the ExtendScript Editor - but I just wanted to make sure that I'm not missing something.
    Thanks again,
    Carl

  • Oracle Weblogic 9.2.3 server support for SAML 1.1 'wildcard attributes'

    To support Web SSO using SAML on Oracle Weblogic 9.2.3 server - I need to parse SAML 1.1 'wildcard attributes' in the SAML 1.1 Asserter schema; https://www.oasis-open.org/committees/download.php/3408/oasis-sstc-saml-schema-assertion-1.1.xsd. The Oracle Weblogic 9.2.3 server provides an interface; weblogic.security.providers.saml.SAMLIdentityAssertionNameMapper - for parsing the information in the SAML token provided by an external partner, but this interface only deals with nameid and groups and not attributes in the AttributeStatement of the SAML token. In weblogic 10 a new interface; com.bea.security.saml2.providers.SAML2IdentityAsserterAttributeMapper - is provided, which solves this problem.
    My question is, how can I get access to the attributes in the AttributeStatement in the SAML 1.1 token on an Oracle Weblogic 9.2.3 server ?
    Or
    Is the weblogic.security.providers.saml.SAMLIdentityAssertionAttributeMapper available in weblogic 9.2.3 ?

    To support Web SSO using SAML on Oracle Weblogic 9.2.3 server - I need to parse SAML 1.1 'wildcard attributes' in the SAML 1.1 Asserter schema; https://www.oasis-open.org/committees/download.php/3408/oasis-sstc-saml-schema-assertion-1.1.xsd. The Oracle Weblogic 9.2.3 server provides an interface; weblogic.security.providers.saml.SAMLIdentityAssertionNameMapper - for parsing the information in the SAML token provided by an external partner, but this interface only deals with nameid and groups and not attributes in the AttributeStatement of the SAML token. In weblogic 10 a new interface; com.bea.security.saml2.providers.SAML2IdentityAsserterAttributeMapper - is provided, which solves this problem.
    My question is, how can I get access to the attributes in the AttributeStatement in the SAML 1.1 token on an Oracle Weblogic 9.2.3 server ?
    Or
    Is the weblogic.security.providers.saml.SAMLIdentityAssertionAttributeMapper available in weblogic 9.2.3 ?

  • LDAP server support for NetWeaver

    I would like to know what LDAP Directory servers are officially supported by Netweaver versions.  I have been scouring the web and can not find any document where it is written which product is officially support.  Some places I read about Novell, but nothing concrete on the offical support .
    Does anyone know the answer and where I can find more info on this.
    Thanks

    Hi Frajib,
       I don't think I've seen a list for netweaver in general.  I do know for the Portal application on Web AS 6.40 you have the following LDAP options.
       MS ADS
       SUN ONE
       NOVELL LDAP Server
       Siemens LDAP Server
    Hope this helps.
    John

  • Mac os x server support for iWeb

    Hi, I was wondering if anyone knows if there is any way to set up a Mac OS X server (10.5) to support iWeb created websites such that comments could be enabled much like they work with MobileMe?
    Thanks,
    -z

    Always with the RTFM...
    Anyway, like I said, I'm not running Snow Leopard Server so I don't know if this has already been implemented and quick web searches for such do not bring anything up but it doesn't hurt to ask. If it hasn't I'd like to not only request some features in future versions but ALSO to inquire if there are others in the iWeb "Community" who would also like such features. The feature request link you provided is a black hole and doesn't really provide much feedback. Finally, someone might have a solution for including comment in iWeb created websites that I haven't already encountered or figured out on my own.
    Message was edited by: zenasprime

  • Sun Java System Web Server support for Red Hat EL 5

    Does anyone have any information when the Sun Java System Web Server might be supported on Red Hat Enterprise Linux 5 Server?
    Thanks

    Certification of RHEL5 will likely happen with one of the upcoming Update releases.
    There is, as far as I know, no reason why Web Server won't run on RHEL5 today though (I use it on Fedora Core 7 without ill effect, and the RHEL trail the Fedora releases a bit in technology versions).

  • Belkin Print Server support for Epson Stylus photo R200

    I have just installed a Belkin Wirless G adsl modem router, which works very well and I very satisfied with it. Along with this I purchased a Belkin Print server F1UP0001uk to drive my Epson stylus photo R200. While I can see my Print server and ping it satisfactoraly and it can see my printer. I can't get it to print.
    Belkin tell me that I have to change the CUPS port from 515 to 9100 for print server port1 or 9101 for port2 on each machine I want to connect from.
    How do I do this?
    G4   Mac OS X (10.3.9)  

    What they are describing is the HP Jetdirect protocol on OS X, called raw/port 9100 printing on Windows. To use port 9100, in Printer Setup, select IP printer > HP JetDirect and it will work (9100 is the default port number). To use port 9101 requires the advanced method. In Printer Setup, after you click ADD, hold down the option key while clicking More Printers (you may need to pause a bit before the More Printers, because OS X is searching for Bonjour printers). At the bottom of the new menu, select Advanced, then select Appsocket/HP Jetdirect. Name it. Fill in the URI like:
    socket://[IPofserver]:9101

  • NEED FAST AND BEST JAVAEE 5 SERVER SUPPORT FOR NETBEANS 5.5

    I am using j2ee technology for open source development since j2ee 1.4 sdk. The Sun Application Server 8.1 and 8.2 were bit fine to start with netbeans. But Glassfish seem to be too slow to start and deploy. Can anyone tell me the fastest and best performance app server to use with netbeans 5.5.
    The computer specs are
    PIII 500 MHz
    512 100/333 MHz SDRAM

    What difference does it make how quick the app server takes to start and deploy?? That's about the most arbitrary criteria for choosing an app. server I've ever heard. Might as well choose based on the colour of the logo!
    Seriously, use whichever one you think you're most likely to encounter. Looking at the spec. of your machine, no app. server is going to run particularly fast. Look into getting a faster machine, or at least a second machine of similar specs to run the server on. Poor thing must be exhausted :-)

  • Tn3270 server support for IBM mainframe

    Does the tn3270 server (with CIP/CPA on 7200) router can be attached to a IBM mainframe running VSE/ESA operatinf system ?

    Sure, this works fine. The CPA is what is used in the 7200, and is functionally identical to the CIP.

Maybe you are looking for

  • How to use TABLE_FROM_BLOCK in forms 10g ??????

    i have use the procedure below code in when-validate of a database item in forms6i its working fine ,but the same form i have compiled in forms10g and then when the when validate is fired it gives following error frm-40933 Cannot populate table becau

  • How to use directory alias in Java stored procedure ?

    hi everyone ! I want use Directory alias in Java strored procedure I 'hv created dir alias as Create Directory BFILE_DIR AS 'C:\MyImages' my java statements - myfile="C:\MyImages\myPH01.jpg" File binaryFile = new File(myFile); instead of giving absol

  • Problem with a Link calling a dynamic page

    Hi! I wanted to create a link calling to a dynamic page. This dynamic page displays a PDF depending on the parameter, the thing here is that I don't know how to set the bind variables or more likely how to say that the value of those variables is goi

  • IDE'S error

    Hi!!! The next error appears when in a hyperlink I click in the URL property(...). What can it be??? It doesn't show me the resouces directory to select a page. Thanksssss *********** Exception occurred ************ at 10:39 AM on Sep 22, 2006 java.l

  • Freeze issues while editing in elements 12

    I am working on a template and every time I try to open a new file in to the editor I am freezing when the window pops up to select the file.  This just started happening after the most recent update.  Any help would be appreciated.