BikeGeek
2008-10-28 18:53:03 UTC
We have a mixed Nortel, Cisco and Juniper environment for our switches and
routers. I have gotten both Nortel and Cisco devices to authenticate
correctly to IAS but I am not sure how to have both authenticate to IAS.
One idea is using the Client-IP-Address attribute to be sure each device is
hitting the right policy. This seems very cumbersome to create two policies
(one read and one read/write) for each of hundreds of devices on two IAS
servers (primary and secondary)
-Can multiple IPs be added to one access policy?
Another thought was to use the Client-Vendor attribute.
- Does the Client-Vendor Attribute work reliable to distingish Nortel vs
Cisco?
- Is there a way to add Juniper to the Client-Vendor Attribute?
Another thought was one IAS server per vendor. This would result in either
not have a primary secondary or having 4 enterprise windows license!
Any suggestions welcome.
Is there another way to address this issue?
routers. I have gotten both Nortel and Cisco devices to authenticate
correctly to IAS but I am not sure how to have both authenticate to IAS.
One idea is using the Client-IP-Address attribute to be sure each device is
hitting the right policy. This seems very cumbersome to create two policies
(one read and one read/write) for each of hundreds of devices on two IAS
servers (primary and secondary)
-Can multiple IPs be added to one access policy?
Another thought was to use the Client-Vendor attribute.
- Does the Client-Vendor Attribute work reliable to distingish Nortel vs
Cisco?
- Is there a way to add Juniper to the Client-Vendor Attribute?
Another thought was one IAS server per vendor. This would result in either
not have a primary secondary or having 4 enterprise windows license!
Any suggestions welcome.
Is there another way to address this issue?