Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACS 4.2 access control

Can I setup a user who may only be able to access from a specific IP address?  For example:  this user is only allowed access from 10.1.1.1, if source from anywhere else it would be denied.

In User Setup\Client IP Address Assignment\ what is the meaning "Assign static IP address" and how is it used? 

What is Network Access Restrictions (NAR) and how is it being used?

Thanks.


2 REPLIES
Cisco Employee

ACS 4.2 access control

Assign static ip address would allow you to push framed-ip-address from the radius server. Doing this every time the iser connect via VPN will get the same ip address.

What protocol are you using, tacacs or radius? What kind of access is this administrative / vpn?

This can be done via NAR. Go to the user setup and configure NAR for that user only.

With IP based NAR

Src IP Address—Enter the IP address to filter on when performing access restrictions. You can use the asterisk (*) as a wildcard to specify all IP addresses.

You may go through the below listed document for more detail.

http://www.cisco.com/c/en/us/support/docs/security/secure-access-control-server-windows/91905-acs-nar.html

~BR
Jatin Katyal

**Do rate helpful posts**

~BR Jatin Katyal **Do rate helpful posts**
Cisco Employee

ACS 4.2 access control

did that help you to reolve the issue?

~BR
Jatin Katyal

**Do rate helpful posts**

~BR Jatin Katyal **Do rate helpful posts**
125
Views
0
Helpful
2
Replies
CreatePlease login to create content