Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

Restric Phone Number

Dear All:

I would to used ACS 3.0 NT to restric remote user Phone Number, for example "Only" permit 555-1234 phone number with username "Jack" and other deny , as bellow is my config step

Share Profile Components-->Network Access Restricions-->Add-->Selct define CLI/DNIS access restrict (Permit calling)

AAA Client : All AAA Clients

Port: *



and apply to "Jack" account . that's config result to user "jack" couldn't be login(Jack Phone number is 5551234) , If i chang DNIS:5551234 to DNS:* that's login "OK" , But that can't restric Phone Number , Could you tell me where is wrong with me

Pls in advice

aaa authentication login default group tacacs+ local

aaa authentication ppp default if-needed group tacacs+

aaa authorization exec default group tacacs+ local

aaa authorization network default group tacacs+

aaa accounting exec default start-stop group tacacs+

aaa accounting network default start-stop group tacacs+


interface Group-Async0

ip unnumbered FastEthernet0/0

encapsulation ppp

async mode interactive

peer default ip address pool async

ppp authentication chap

group-range 33 40


tacacs-server host

tacacs-server key 123456789


line 33 40

exec-timeout 0 0

modem InOut

modem autoconfigure discovery

transport input all

autoselect during-login

autoselect ppp

flowcontrol hardware

Cisco Employee

Re: Restric Phone Number

In your config DNIS allowed is 5551234.

With that ACS should have exact same DNIS (not Jack's Caller ID or CLI) to compare with to allow the call to go thru..If number of digits are less will be blocked. Just verify the exact DNIS..

You can try using 555* as DNIS..

What kind of line is coming on the router.. PRI/BRI/T1???

CreatePlease to create content