I add "Testuser" to my active directory security group "DomanWireless" and I see on ACS the respective user is mapped accordingly and get authenticated as "Group Name=ACSWireless".
If I remove the user from "ACSWireless", user defaults to "Default" group.
Then I go to ACS, "Group Setup", Edit "Default" group settings. I go to "Per Group Defined Network Access Restrictions". I check "Define IP-based access restrictions". I pick "Table Defines=Denies Calling Point of Acess Locations". I input "All AAA Clients POrt=* Address=*". I click "Submit + Restart".
I attempt to login and I am successful.
What am I missing ? I want to let only users members of DomainWireless group login via wireless, and deny access to people who are not member of that group.