04-14-2009 06:14 AM - edited 03-10-2019 04:26 PM
Hi all!
I have a problem with configuration of Network Access Restriction.
I set the feature via Shared Profile Component and Group Level NAR also, but none of them works.
My test AAA client is a VASCO RADIUS Client Simulator. I thought that this software doesn't send the proper RADIUS attributes, but the behaviour of ACS is never prohibitive, though sometimes it should be.
I tried it with version 3.2 and 4.2 also.
Is there a trick or something I messed up?
Thank you for the answers!
04-14-2009 06:25 AM
NAR works on the basis of attributes sent by the AAA client.
IP-based NAR filters work only if ACS receives the Radius Calling-Station-Id (31) attribute. The Calling-Station-Id (31) must contain a valid IP address. If it does not, it will fall over to DNIS rules.
See this link
Regards,
~JG
Do rate helpful posts
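A troubleshooting sketch for the rule in the reply above, added here as an example and not part of any poster's message or of ACS itself: it parses a RADIUS Access-Request (RFC 2865 layout) and reports whether Calling-Station-Id (31) carries a valid IP address, which per the reply decides whether IP-based NAR filters can apply. The function names and sample packets are constructed for illustration.

```python
import ipaddress
import struct

USER_NAME = 1            # RFC 2865 attribute numbers
CALLED_STATION_ID = 30   # DNIS
CALLING_STATION_ID = 31  # CLI


def parse_attributes(packet: bytes) -> dict:
    """Return {attribute type: [raw values]} from a RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("bad length field")
    attrs, pos = {}, 20  # attributes start after code, id, length, authenticator
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        a_type, a_len = packet[pos], packet[pos + 1]
        attrs.setdefault(a_type, []).append(packet[pos + 2:pos + a_len])
        pos += a_len
    return attrs


def nar_filter_basis(packet: bytes) -> str:
    """'ip' if attribute 31 holds a valid IP address, otherwise 'cli/dnis'."""
    values = parse_attributes(packet).get(CALLING_STATION_ID, [])
    try:
        ipaddress.ip_address(values[0].decode("ascii"))
        return "ip"
    except (IndexError, ValueError):  # attribute absent, or not an IP address
        return "cli/dnis"


def build_request(attrs) -> bytes:
    """Constructed test input: Access-Request (code 1) with a zero authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", 1, 1, 20 + len(body)) + bytes(16) + body


# Constructed samples, not captured traffic.
ROUTER_LOGIN = build_request([(USER_NAME, b"miki"), (CALLING_STATION_ID, b"192.0.2.10")])
WIRELESS_AP = build_request([(USER_NAME, b"miki"), (CALLED_STATION_ID, b"00-11-22-33-44-55"),
                             (CALLING_STATION_ID, b"66-77-88-99-AA-BB")])
NO_CLI = build_request([(USER_NAME, b"miki")])

if __name__ == "__main__":
    for name in ("ROUTER_LOGIN", "WIRELESS_AP", "NO_CLI"):
        print(name, "->", nar_filter_basis(globals()[name]))
```

Feeding it the raw bytes of a request captured from the test client shows which attributes the simulator actually sends before any NAR rule is changed.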
04-14-2009 06:49 AM
Would it be a problem if I use RADIUS (IETF) as "Authentication using" in the Network Configuration in ACS for the wireless AP? The productive environment contains this configuration, and another device with a TACACS+ configuration.
04-14-2009 07:05 AM
For wireless user you need to use CLIS/DNIS based access restriction.
If you use RADIUS IETF for the wireless AP, basic authentication should work, but the issue would be with the authorization part.
Regards,
~JG
04-15-2009 04:31 AM
Thank you for your answers. If I use CLIS/DNIS based access restriction, it works, but in the case of the router it also works only with CLIS/DNIS based access restriction. That's interesting to me.
Regards,
Miki