03-21-2006 07:10 AM - edited 03-10-2019 02:30 PM
We are using our CSACS server to authenticate wireless users. I am finding thoguh that I cannot add users to the wireless user group and allow them to authenticate via the APs without them also having access to our network infrastrucutre (routers/switches/firewalls).
How do I stop a user/group from being able to authenticate to devices? I only want them to authenticate if the request is coming from the APs.
Thanks
Solved! Go to Solution.
03-22-2006 03:29 PM
Use the Network Access Restrictions (NAR) section under the Group in ACS, specifically the "Per Group NAR" section. You would put all your wireless users into a specific group in ACS, and then add in your wireless AP's in as "Permitted Calling Points" under the "Define IP-based access restrictions", meaning those users are allowed to authenticate against them, but not anything else. Put an * in for the Port and Address values, you don't care about those, only the fact that the authentication request is coming from an AP.
If you go under Interface Configuration - Advanced options and enabled Network Device Groups (NDG's), you can also put all your AP's under one NDG and then just define that NDG in as a Permitted Calling Point
03-22-2006 03:29 PM
Use the Network Access Restrictions (NAR) section under the Group in ACS, specifically the "Per Group NAR" section. You would put all your wireless users into a specific group in ACS, and then add in your wireless AP's in as "Permitted Calling Points" under the "Define IP-based access restrictions", meaning those users are allowed to authenticate against them, but not anything else. Put an * in for the Port and Address values, you don't care about those, only the fact that the authentication request is coming from an AP.
If you go under Interface Configuration - Advanced options and enabled Network Device Groups (NDG's), you can also put all your AP's under one NDG and then just define that NDG in as a Permitted Calling Point
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide