Sure. Put all your users into specific groups. Then in the group go into the Network Access Restrictions Section (near the top), check the "Per User Defined Network Access Restrictions " box, the select the device in the AAA Client drop down box, and use * for both Port and Address. Enter in each device one-by-one until you've got them all. Submit + Restart.
Now the users in that group will only be able to authenticate when connecting from one of those devices, any other device will result in a failed authentication.
If you want to get really good, you can define Network Device Groups and then define that in the NAR instead of each separate device. Or you can go under Shared Profile Components and define a Shared NAR and then define that in the group config.
The port number specifies the port number on the device that the user connects in on, you don't want to specify this as you'll probably never know what this will be. It's not referencing a TCP or UDP port number.
Try enabling the "Define CLI/DNIS-based access restrictions" section in the NAR and adding the Extreme switch into this, rather than in the IP-based access restrictions section. Depending on the format of the Radius request from the device, ACS can sometimes think it should use this section to check against. For example, if you use a VPN3000 to authenticate users against and you want to add it into a NAR, you have to add it into the CLI/DNIS section in ACS cause the format of the Radius packet is slightly different than with a router.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :