How to Limit ACS Groups to Specific AAA Clients

N3t W0rK3r · ‎10-10-2008

I have several groups of users defined in ACS but I cannot figure out how to go about specifying which network devices (AAA clients) these groups can log into.

We use our ACS primarily to authenticate IT staff who need access to our routers, switches and APs.

Thanks in advance.

John

Jagdeep Gambhir · ‎10-10-2008

You need to use feature called network access restrictions (NAR). Here is the link ,

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/user/SPC.html#wp697095

Regards,

~JG

Do rate helpful posts

N3t W0rK3r · ‎10-10-2008

That's perfect, but I do not see the option for NAR on my Shared Profile Components page. I'm running ACS 3.3 on an appliance.

Thanks.

N3t W0rK3r · ‎10-10-2008

You can ignore that last post... I found where I need to add it.

Thanks again.

guibarati · ‎10-17-2008

Hi, I'm having the same problem, even else we have the NAR it is mandatory to configure the client's IP address of end client who is accessing the AAA client and I would linke to restrict only the AAA client, did you get it this way?

Thanks.