Re: Cisco ACS Help

What version of ACS are you running? You may want to see if you can set up 2 separate groups of network devices, and see if you can authenticate one network group against one domain, and the second group against the other domain.

-----------------------------------------------------------------------------------------

I don't think this can be done. You authenticate the users against a database Windows/Ciscosecure to give access to devices. The devices don't care where the user authenticates. You can create two groups of users (one for each domain) and configure the devices to authenticate against those groups.

Rgds,

Robert B. Phillips, II wrote:

> I am new to ACS so my apologies if this is a n00b question or in the
> documentation. I have viewed the documentation but I am not finding how
> to accomplish what I am trying to accomplish.
>
> I have set up Cisco ACS to authenticate to the external Windows
> database (Active Directory). I have two domains, Domain A and Domain
> B. I have domain mappings set up to point ACS to each of the domains
> and the NT group within each domain with the user accounts I want to
> authenticate. I want to have some of our network devices
> authenticate ONLY against Domain A and some of our network devices
> authenticate ONLY against Domain B. I am not certain how to "segment"
> the network devices in ACS so that they only authenticate against the
> chosen domain. Right now all devices authenticate against either
> domain mapping. What is the best way of going about implementing this
> "segmentation"?
>
> We are on ACS version 4.0. The network devices right now are only
> Lantronix SCS100 console servers attached to Cisco 1751-V routers. In
> the future we will have other network devices authenticate here and
> will have VPN connections terminated on our ASAs authenticate here as
> well.
>
> Thanks.
> Robert Phillips, CCNA


Reply to
webnetwiz


If the userids are different, then a group-mapping will be sufficient. If you have a single userid that exists in Domain A and Domain B, and want Device A to only authenticate to Domain A, and Device B to authenticate only to Domain B, then you need to set up two different ACS servers: one for Device A, configured only to talk to Domain A, and one for Device B, to authenticate only to Domain B.

Scott

Reply to
thrill5

What I was hoping was that there was a way to force certain devices to authenticate against ACS Group 0 and others against ACS Group 1. It's those ACS groups that link to the domain-mappings. There is no way to force a device to use one ACS group over another for authentication? Also, can this be accomplished via a NAR (i.e. by creating two groups of devices and filtering one group or the other via NAR)?

Yes userids are

> If the userids are different, than a group-mapping will be sufficient. If

Reply to
Robert B. Phillips, II
