Cisco Support Community
Community Member

Limiting access to access point with NAR's

I have configured a 350 wireless card and 2-350 AP's for LEAP authentication with ACS 3.1 and all works fine authenticating to both AP's. I want to test the ability to deny access to one of the AP's using NAR's. I have added the NAR to the group I am in and even with the "allowed" AP turned off it still lets me authenticate to the "disallowed" one. The passed authentication log says that all access filters have passed. After that I added the rule to my group to deny access from all IP to all AAA clients and it still lets me authenticate. Any ideas?

Community Member

Re: Limiting access to access point with NAR's

I ended up logging a call with the TAC and what I found out is that for the NAR filters to apply you need to set a deny rule using the CLI/DNIS as well as the IP filters for the same devices or NDG's. Works great now...
