Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Is there a way to check dial-in permission for one NAS and not another?

Hello all- we're running ACS 4.x. currently we have "check dial-in permission" enabled. We have VPN users and wireless (.1x) authenticating against acs and then to AD. the problem is with the "dial-in permission check" we have to grant  this all vpn and wireless users in AD even though some wireless users do not need VPN access. Becuase if this permission enabled , all wireless users automatically get VPN access as well. Is there a way around this? Can i check dial-in permission per NAS or something or is that a global thing.  Any other way to set this up only VPN user are checked for dial-in permission and not wireless users?


  • AAA Identity and NAC