I tried to make a NAR (IP based or CLI/DNIS based) to permit access from AAA client 184.108.40.206 for ACS group 10.
AAA client 220.127.116.11 must use group 20, but users still get authenticated in Group 10. Auth is ok, but overall process failed. Why does NAR work this way ? I thought that AAA client 18.104.22.168 should "see" that it cannot use Group 10 and continues till Group 20.