https://community.cisco.com/t5/network-access-control/acs-3-3/m-p/817952#M420598 <HTML><HEAD></HEAD><BODY><P>No, I want to allow some users to (5 users) to access telnet only to subnet like 10.9.x.x and 10.8.x.x. and other users to access everything.</P></BODY></HTML> Wed, 30 May 2007 13:57:23 GMT nawas 2007-05-30T13:57:23Z https://community.cisco.com/t5/network-access-control/acs-3-3/m-p/817950#M420594 <P>I'm using ACS 3.3 and I'm trying to restrict telnet access to some subnets only. Is there any option in the ACS that can be accomplished with?</P> Tue, 26 Mar 2019 00:23:56 GMT https://community.cisco.com/t5/network-access-control/acs-3-3/m-p/817950#M420594 nawas 2019-03-26T00:23:56Z https://community.cisco.com/t5/network-access-control/acs-3-3/m-p/817951#M420596 <HTML><HEAD></HEAD><BODY><P>Hi Nawas,</P><P>You mean to restrict ONLY telnet access or you want to deny access using all modes like telnet, SSH, HTTP/s etc.</P><P></P><P>If you want to deny all modes to a specific AAA Clients, then you can use NAR's</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs33/user/c.htm#wp697095" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs33/user/c.htm#wp697095</A></P><P></P><P>Regards,</P><P></P><P></P><P> </P></BODY></HTML> Wed, 30 May 2007 13:50:31 GMT https://community.cisco.com/t5/network-access-control/acs-3-3/m-p/817951#M420596 Jagdeep Gambhir 2007-05-30T13:50:31Z https://community.cisco.com/t5/network-access-control/acs-3-3/m-p/817952#M420598 <HTML><HEAD></HEAD><BODY><P>No, I want to allow some users to (5 users) to access telnet only to subnet like 10.9.x.x and 10.8.x.x. and other users to access everything.</P></BODY></HTML> Wed, 30 May 2007 13:57:23 GMT https://community.cisco.com/t5/network-access-control/acs-3-3/m-p/817952#M420598 nawas 2007-05-30T13:57:23Z https://community.cisco.com/t5/network-access-control/acs-3-3/m-p/817953#M420600 <HTML><HEAD></HEAD><BODY><P>Still the answer is NAR,</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_white_paper09186a00801a8fd0.shtml" target="_blank">http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_white_paper09186a00801a8fd0.shtml</A></P><P></P><P>You need to apply NAR on per user basis, for those 5 users, and nothing on rest of them.</P><P></P><P>Resulting, Rest of them will have full access.</P><P></P><P>And under IP based NAR for these 5 users on user basis, restrict them to subnet</P><P></P><P>Use Shared Profile component section,s NAF and NAR together, and then apply it on user level.</P><P></P><P>10.9.*.* (Create a NAF for this)</P><P>Port : *</P><P>Address : *</P><P></P><P>10.8.*.* (Create a NAF for this)</P><P>Port : *</P><P>Address : *</P><P></P><P>NAF : Available on 4.x, else if you have 3.x, then it depends on how you have created your NDG, else it depends on how you have created AAA clients on ACS, lots of combinations possible. To summarize it all.</P><P></P><P>You have to play with it.</P><P></P><P>Regards,</P><P>Prem</P><P></P><P>Regards,</P><P>Prem</P></BODY></HTML> Fri, 01 Jun 2007 23:55:52 GMT https://community.cisco.com/t5/network-access-control/acs-3-3/m-p/817953#M420600 Premdeep Banga 2007-06-01T23:55:52Z