just a question how to restrict dialup users for certain NAS servers.
We have an ACS2.6 AAA servers and several 3640 based NAS sever for user dialup. The users are collected into a group in the ACS.
We have an other group, called ISP. The user in this group can use the internet all over the world, they must dial the given ISP's local NAS number and all those NAS-es forward the authentication request to our ASC. So we can centrally manage the direct RAS users and the internet users.
The problem is, that a user in a certain group can use the other dialin facility since all dialin appemps will be authenticated on the same server.
HOw can I restrict that a ISP group can only use the NASes outside of the company and cannot dialin to our dedicated RAS server? And the traditional RAD users cannot use the internet (what is given for the ISP users)
I applied filters in the ACS on the group settings but found no ducuments how to setup it exactly. Any help appreciated,
Thanks for sharing your experience. I am sure it would be helpful for others. Yes, browser is an issue for any management sofwtare ;-)