I'm having problem with the Network Access restrictons on the group configruation of ACS.
I configured the NAR field of a group and set it to deny access besed on AAA client, a Wireless Lan controller.
But users in this group is still able to log in wireless controller.
The Logs of ACS shows the fields are right. the right user, in the right group in the right AAA client, but does not deny.
Also set up DNIS based restriction.This is how it should be configured,
- Steps for configuring NAR's:
1) Go to User setup ----> Select the username you want to restrict.
2) Go to Network Access Restrictions (NAR) option.
3) Under Per User Defined Network Access Restrictions.
4) Check the "Define CLI/DNIS-based access restrictions box.
5) Select "Deny Calling/Point of access location"
6) In AAA client drop down box --- select the name of the the device to which user should not connect.
7) In Port ---- Use *
8) In CLI ---- Use *
9) In DNIS ---- Use *
10) Click on submit
Do rate helpful posts