Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Bronze

ACS Network Access Restriction not working. Should deny, but allow.

I'm having problem with the Network Access restrictons on the group configruation of ACS.

I configured the NAR field of a group and set it to deny access besed on AAA client, a Wireless Lan controller.

But users in this group is still able to log in wireless controller.

The Logs of ACS shows the fields are right. the right user, in the right group in the right AAA client, but does not deny.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: ACS Network Access Restriction not working. Should deny, but

Also set up DNIS based restriction.This is how it should be configured,

- Steps for configuring NAR's:

1) Go to User setup ----> Select the username you want to restrict.

2) Go to Network Access Restrictions (NAR) option.

3) Under Per User Defined Network Access Restrictions.

4) Check the "Define CLI/DNIS-based access restrictions box.

5) Select "Deny Calling/Point of access location"

6) In AAA client drop down box --- select the name of the the device to which user should not connect.

7) In Port ---- Use *

8) In CLI ---- Use *

9) In DNIS ---- Use *

10) Click on submit

Regards,

~JG

Do rate helpful posts

1 REPLY

Re: ACS Network Access Restriction not working. Should deny, but

Also set up DNIS based restriction.This is how it should be configured,

- Steps for configuring NAR's:

1) Go to User setup ----> Select the username you want to restrict.

2) Go to Network Access Restrictions (NAR) option.

3) Under Per User Defined Network Access Restrictions.

4) Check the "Define CLI/DNIS-based access restrictions box.

5) Select "Deny Calling/Point of access location"

6) In AAA client drop down box --- select the name of the the device to which user should not connect.

7) In Port ---- Use *

8) In CLI ---- Use *

9) In DNIS ---- Use *

10) Click on submit

Regards,

~JG

Do rate helpful posts

264
Views
0
Helpful
1
Replies