Network access restrictions (NARs) provide authorization conditions that have to be met before a user can gain access to the network. Cisco Secure Access Control Server (ACS) applies these conditions using information from attributes sent by authentication, authorization, and accounting (AAA) clients. Although you may set up NARs in several ways, they all are based on matching attribute information sent by a AAA client. Therefore, you must understand the format and content of the attributes that your AAA clients send if you want to employ NARs effectively.