Mike Tag & Template was more relevant to the old version of ACS where you had less control over what policy was returned to NAD1 vs NAD2. In other words once the profile was matched and you were returning a single tag to all NADs, you could still enforce different policies by providing an individual interpretation of the tag. Like on NAD1 tag "RESTRICT" maps to ACL1 & User X vs on NAD2 it calls out ACL2 & User X.
Just in case you want to play with it - the RADIUS attribute used here is "tag-name". Regards, -- Piotr Kaluzny CCIE #25665 (Security), CCSP, CCNP Sr. Technical Instructor - IPexpert, Inc. URL: http://www.IPexpert.com On Wed, May 22, 2013 at 5:19 AM, Mike Rojas <[email protected]> wrote: > Hi, > > I completed the IOS FW section today. I havent check the solution yet but > I did have to use the DSG to find out about the User-based Firewall. > > Just to make sure, I would like to see if by using this feature is > necessarily to use the Tag and template class maps and policy maps. > > Checking the solution guide, I find it much easier both to understand the > feature and to configure it. Would it be possible to expand when a Tag and > template deployment needs to be used or just with the default "match > user-group" would do it? > > Thanks! > (BTW having a hard time to install ISE, I used the old ACS 4.2 for the > Radius attributes). > > Mike. > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
