https://community.cisco.com/t5/network-access-control/acs-location-access-control-how/m-p/1671108#M233553 <HTML><HEAD></HEAD><BODY><P>How about something like this ?</P><P>If device.location=location1 and if user belongs to group x,y, or z then grant access</P><P>If device.location=location and if user belongs to group x only then grant access</P><P></P><P></P><P>in all other cases deny access.</P><P></P><P></P><P>You can use user groups or usernames directly depending on the similarities between users and what's easiest.</P></BODY></HTML> Sat, 30 Apr 2011 06:18:58 GMT Nicolas Darchis 2011-04-30T06:18:58Z https://community.cisco.com/t5/network-access-control/acs-location-access-control-how/m-p/1671107#M233537 <P class="MsoPlainText" style="margin: 0cm 0cm 0pt;"><SPAN style="color: #000000; font-family: arial,helvetica,sans-serif; ">I have spent 2 days trying to get Location based access working and can't figure it out.<SPAN style="mso-spacerun: yes;">&nbsp; </SPAN>I have ACS 5.2 installed.</SPAN></P><P class="MsoPlainText" style="margin: 0cm 0cm 0pt;"><SPAN style="color: #000000; font-family: arial,helvetica,sans-serif;"> </SPAN></P><P class="MsoPlainText" style="margin: 0cm 0cm 0pt;"><SPAN style="color: #000000; font-family: arial,helvetica,sans-serif; ">My setup is as follows.</SPAN></P><P class="MsoPlainText" style="margin: 0cm 0cm 0pt;"><SPAN style="color: #000000; font-family: arial,helvetica,sans-serif;"> </SPAN></P><P class="MsoPlainText" style="margin: 0cm 0cm 0pt;"><SPAN style="color: #000000; font-family: arial,helvetica,sans-serif; ">6 Locations</SPAN></P><P class="MsoPlainText" style="margin: 0cm 0cm 0pt;"><SPAN style="color: #000000; font-family: arial,helvetica,sans-serif; ">2-3 Administrators per location then 3 Administrators for all locations.<SPAN style="mso-spacerun: yes;">&nbsp; </SPAN></SPAN><SPAN style="color: #000000; font-family: arial,helvetica,sans-serif;"> </SPAN></P><P class="MsoPlainText" style="margin: 0cm 0cm 0pt;"><SPAN style="color: #000000; font-family: arial,helvetica,sans-serif;"> </SPAN></P><P class="MsoPlainText" style="margin: 0cm 0cm 0pt;"><SPAN style="color: #000000; font-family: arial,helvetica,sans-serif; ">We want to grant access by Location of the Device to AD Accounts.&nbsp; Then we want 3 Admins to have access to all Locations.&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></P><P class="MsoPlainText" style="margin: 0cm 0cm 0pt;"></P><P class="MsoPlainText" style="margin: 0cm 0cm 0pt;"><SPAN style="color: #000000; font-family: arial,helvetica,sans-serif;">I have been testing with Riverbeds using TACACS and can get a user working but once I have another user from the All Access group they don't work.&nbsp; I get a 22056 Error.&nbsp; </SPAN></P><P class="MsoPlainText"></P><P class="MsoPlainText" style="margin: 0cm 0cm 0pt;"><SPAN style="color: #000000; font-family: arial,helvetica,sans-serif; ">Anyone have something like this working and would not mind explaining to me how to use this convoluted product.<SPAN style="mso-spacerun: yes;">&nbsp; </SPAN></SPAN></P> Mon, 11 Mar 2019 01:02:29 GMT https://community.cisco.com/t5/network-access-control/acs-location-access-control-how/m-p/1671107#M233537 rfc791-cisco 2019-03-11T01:02:29Z https://community.cisco.com/t5/network-access-control/acs-location-access-control-how/m-p/1671108#M233553 <HTML><HEAD></HEAD><BODY><P>How about something like this ?</P><P>If device.location=location1 and if user belongs to group x,y, or z then grant access</P><P>If device.location=location and if user belongs to group x only then grant access</P><P></P><P></P><P>in all other cases deny access.</P><P></P><P></P><P>You can use user groups or usernames directly depending on the similarities between users and what's easiest.</P></BODY></HTML> Sat, 30 Apr 2011 06:18:58 GMT https://community.cisco.com/t5/network-access-control/acs-location-access-control-how/m-p/1671108#M233553 Nicolas Darchis 2011-04-30T06:18:58Z