ACS Network Access Restriction not working. Should deny, but allow.

Answered Question
Oct 28th, 2008

I'm having problem with the Network Access restrictons on the group configruation of ACS.

I configured the NAR field of a group and set it to deny access besed on AAA client, a Wireless Lan controller.

But users in this group is still able to log in wireless controller.

The Logs of ACS shows the fields are right. the right user, in the right group in the right AAA client, but does not deny.

I have this problem too.
0 votes
Correct Answer by Jagdeep Gambhir about 8 years 1 month ago

Also set up DNIS based restriction.This is how it should be configured,

- Steps for configuring NAR's:

1) Go to User setup ----> Select the username you want to restrict.

2) Go to Network Access Restrictions (NAR) option.

3) Under Per User Defined Network Access Restrictions.

4) Check the "Define CLI/DNIS-based access restrictions box.

5) Select "Deny Calling/Point of access location"

6) In AAA client drop down box --- select the name of the the device to which user should not connect.

7) In Port ---- Use *

8) In CLI ---- Use *

9) In DNIS ---- Use *

10) Click on submit

Regards,

~JG

Do rate helpful posts

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Jagdeep Gambhir Wed, 10/29/2008 - 08:01

Also set up DNIS based restriction.This is how it should be configured,

- Steps for configuring NAR's:

1) Go to User setup ----> Select the username you want to restrict.

2) Go to Network Access Restrictions (NAR) option.

3) Under Per User Defined Network Access Restrictions.

4) Check the "Define CLI/DNIS-based access restrictions box.

5) Select "Deny Calling/Point of access location"

6) In AAA client drop down box --- select the name of the the device to which user should not connect.

7) In Port ---- Use *

8) In CLI ---- Use *

9) In DNIS ---- Use *

10) Click on submit

Regards,

~JG

Do rate helpful posts

Actions

This Discussion