06-04-2003 04:29 AM - edited 03-10-2019 07:20 AM
Is there a way to restrict access to ACS via the number that the dialing client has called from?
Aka use calling-station id or something such as this? I thought I had found a way in the ACS admin via the DNIS, but I could get it to work. I know I can set up an ACL that contains the numbers to accept, but can I do this per externally-authenticated user?
Kind Regards,
William Paris
06-04-2003 09:24 AM
Need more information on what exactly you mean by access to ACS. Please explain: let's say a user dials in to the NAS from caller ID 11111, you don't want ACS to authenticate that user?
Or if a user with caller ID 2222 dials in, you want ACS to authenticate? Also need to know what type of NAS you have, and whether the dial-in line is capable of sending caller ID to the NAS.
06-04-2003 09:26 AM
Hi William,
Do you mean access to the ACS admin pages, or logging into the NAS itself?
Thanks
Sujit
06-05-2003 01:01 AM
My apologies to all for the unclear post:
What I want to do is this:
Using ACS authentication (which I do via the external authenticator to an NT domain) I would like to restrict each user to only be allowed to dial in from a specific phone number. Example: user \\ntdomain\bob is only allowed to dial in FROM phone number 555-5555. If any other number is received for user \\ntdomain\bob then it rejects it.
Failing to be able to do this from a specific username, can I set up an ACL that only allows the phone numbers from all my users to dial in? Example, only accept calls from numbers 555-5555, 555-4444, etc.
Kind Regards and thank you for your answers.
William Paris
06-09-2003 04:42 AM
Can anyone help me out here? I would greatly appreciate it.
06-23-2003 01:35 AM
You can set CLI-based restrictions for individual users. It's under 'Per User Defined Network Access Restrictions'; you'll see "Define CLI/DNIS-based access restrictions".
Although I don't use this feature I have tested it in the lab and it worked fine.
07-01-2003 09:27 PM
Hi,
Yes, CLI/DNIS based NAR is what you need -
I am assuming that you are using RADIUS. Here are the details -
DNIS/CLI based NAR
=================
AAA client = NAS-IP-Address (radius attribute #4) or NAS-Identifier (radius attribute #32) if the above doesn't exist
Port = NAS-Port (radius attribute #5) or NAS-Port-Id (radius attribute #87) if the above doesn't exist
Cli = Calling-Station-Id (radius attribute #31)
DNIS = Called-Station-Id (radius attribute #30)
Thanks,
Mynul
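The field mapping in the reply above, worked through as an added example (not part of the original thread and not Cisco's code): a small Python model of a per-user CLI/DNIS permit list evaluated against RADIUS Access-Request attributes. The rule layout, the "*" wildcard, digit-only number comparison, denying users with no rule, and all sample values are assumptions of this sketch.

```python
import re

ANY = "*"  # assumption of this sketch: "*" in a rule field matches any value


def _first(attrs, *numbers):
    """Return the first RADIUS attribute present, in the order given."""
    for n in numbers:
        if attrs.get(n) is not None:
            return str(attrs[n])
    return None


def nar_fields(attrs):
    """Map Access-Request attributes (keyed by number) to the four NAR fields."""
    return {
        "aaa_client": _first(attrs, 4, 32),  # NAS-IP-Address, else NAS-Identifier
        "port": _first(attrs, 5, 87),        # NAS-Port, else NAS-Port-Id
        "cli": _first(attrs, 31),            # Calling-Station-Id
        "dnis": _first(attrs, 30),           # Called-Station-Id
    }


def _match(rule_value, actual, phone=False):
    if rule_value == ANY:
        return True
    if actual is None:  # e.g. the line delivered no caller ID
        return False
    if phone:           # compare digits only: "555-5555" == "5555555"
        return re.sub(r"\D", "", rule_value) == re.sub(r"\D", "", actual)
    return rule_value == actual


def permitted(rules, user, attrs):
    """Permit only if one of the user's rules matches all four fields.
    Users with no rule are denied here (fail closed; a choice of this sketch)."""
    f = nar_fields(attrs)
    return any(
        _match(r["aaa_client"], f["aaa_client"]) and _match(r["port"], f["port"])
        and _match(r["cli"], f["cli"], phone=True)
        and _match(r["dnis"], f["dnis"], phone=True)
        for r in rules.get(user, [])
    )


# Constructed sample data: the user and number from the question, made-up NAS values.
BOB = r"\\ntdomain\bob"
RULES = {BOB: [{"aaa_client": ANY, "port": ANY, "cli": "555-5555", "dnis": ANY}]}
REQ_OK = {4: "192.0.2.10", 5: 0, 31: "5555555", 30: "5551000"}
REQ_OTHER = {32: "nas-01", 87: "Async1/0", 31: "555-4444", 30: "5551000"}
REQ_NO_CLI = {4: "192.0.2.10", 5: 3, 30: "5551000"}

if __name__ == "__main__":
    for name, req in [("ok", REQ_OK), ("other", REQ_OTHER), ("no-cli", REQ_NO_CLI)]:
        print(name, permitted(RULES, BOB, req))
```

A request that carries no Calling-Station-Id fails a CLI-specific rule, so whether the dial-in line delivers caller ID to the NAS matters before a restriction like this is relied on.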