Wednesday, April 1, 2009

AD Group Mapping Across Different Domain Forests Using ACS-AD

When you have different domain forests, are implementing wireless across them, and want to bind SSIDs to their respective domains, the following points need to be taken care of:
1) A two-way trust needs to be formed between all domains.
2) Windows Remote Agent needs to be installed on one member server machine in any of the domains.
3) If there is a firewall between the domains, the following ports need to be open.
Here is the port list for Active Directory communication:
TCP Ports: 88, 135, 136, 139, 389, 445, 1025, 1026
UDP Ports: 88, 123, 137, 389
ICMP
4) Link for what needs to be configured on the member server machine on which Windows Remote Agent is installed
5) The member server on which Remote Agent is installed should be logged in with a user that has Domain Admin privilege.
6) See the "Restrict WLAN Access based on SSID with WLC and Cisco Secure ACS" configuration link for the configuration.
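
To confirm the firewall change in point 3 from the member server that hosts the Remote Agent, the sketch below probes the TCP ports from the list above and separates ports that are silently dropped (likely still blocked by the firewall) from ports that are reachable but have no listener. It is an added example, not part of the original post; the host name `dc01.example.test` and the function names are hypothetical, and the UDP ports and ICMP are not probed because a plain connect test cannot verify them.

```python
import socket

# TCP ports copied from the list in point 3 of the post.
AD_TCP_PORTS = [88, 135, 136, 139, 389, 445, 1025, 1026]


def probe_tcp(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # A reset came back: the path is clear, but nothing listens on the port.
        return "refused"
    except OSError:
        # Timeout, unreachable network or name failure: no usable answer,
        # which is what a firewall silently dropping the SYN looks like.
        return "filtered"


def check_ad_ports(host, ports=AD_TCP_PORTS, timeout=3.0):
    """Probe every port and return {port: state}."""
    return {port: probe_tcp(host, port, timeout) for port in ports}


def blocked_ports(results):
    """Ports that gave no answer at all and still need a firewall rule."""
    return sorted(p for p, state in results.items() if state == "filtered")


if __name__ == "__main__":
    import sys

    # Hypothetical domain controller name; pass the real one as an argument.
    dc = sys.argv[1] if len(sys.argv) > 1 else "dc01.example.test"
    results = check_ad_ports(dc)
    for port, state in sorted(results.items()):
        print(f"{dc} tcp/{port}: {state}")
    blocked = blocked_ports(results)
    if blocked:
        print("No response on TCP ports:", blocked)
```

A "refused" result means the firewall passed the packet and the domain controller answered, so only the "filtered" ports point at the firewall.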