Configuration Guide for Cisco Secure ACS 4.2
OL-14390-02
Chapter 3 Configuring New Features in ACS 4.2
Configuring Group Filtering at the NAP Level
You can use ACS 4.2 to grant or deny access to users who are authenticated through an LDAP database,
based on the LDAP group to which the users belong. This feature is called group filtering at the NAP
level.
To configure group filtering at the NAP level:
Step 1 Configure LDAP on the ACS server.
Step 2 Set up a Network Access Profile.
a. In the navigation bar, click Network Access Profiles.
The Network Access Profile page opens.
b. Click the Authentication link for the profile.
The Authentication page for the selected profile appears. The top of the Authentication page
contains the Group Filtering for LDAP database section, as shown in Figure 3-3.
Figure 3-3 Group Filtering for LDAP Database Configuration
c. From the drop-down list for LDAP databases, choose the LDAP database that you want to use to
filter user access.
d. From the list of LDAP user groups in the Available Groups list, choose the groups for which to allow
access.
Choose a group in the Available Groups list and click the right arrow (-->) button to move the group
to the list of Selected Groups.
e. If you want to sort the lists, click the Up and Down buttons to move a group up or down in a list.
Step 3 Click Submit.