https://community.cisco.com/t5/network-access-control/acs-3-1-group-problem/m-p/203810#M438081 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P>I am using ACS 3.2 with Win2K AD and group mappings to four AD user groups.</P><P></P><P>I had tried NAR feature but it does not seem to do any sort of filtering. I can still authenticate with users from other mapped groups to all the AAA clients even though the group NAR specifically permits only certain AAA clients and denies all other.</P><P></P><P>Any suggestions?</P><P></P><P>Regards</P><P>Biju</P></BODY></HTML> Sun, 11 Jan 2004 07:38:54 GMT bhameed 2004-01-11T07:38:54Z https://community.cisco.com/t5/network-access-control/acs-3-1-group-problem/m-p/203808#M438078 <P>I created two groups on ACS 3.1. One is for wireless user ,another group is used for VPN client. I found that when I try to use VPN servece,I can also login with user ID belongs to wireless group and vice versa.</P><P></P><P>How can I isolate the user id of two groups ?</P><P></P> Sun, 10 Mar 2019 14:19:36 GMT https://community.cisco.com/t5/network-access-control/acs-3-1-group-problem/m-p/203808#M438078 flyan 2019-03-10T14:19:36Z https://community.cisco.com/t5/network-access-control/acs-3-1-group-problem/m-p/203809#M438079 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>NAS (Network Access Restriction) Filter is the only options here. All you need to do is in your VPN group, just allow the AAA client for VPN device and deny rest of the NASes. Then in Wireless group, just allow the Wireless device as AAA client and deny the rest. Here are the links that will help you understanding and configuring NAR.</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a00800d9e6b.html#623269" target="_blank">http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a00800d9e6b.html#623269</A></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a0080102176.html" target="_blank">http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a0080102176.html</A></P><P></P><P>Thanks,</P><P></P><P>Mynul</P></BODY></HTML> Thu, 29 May 2003 14:04:44 GMT https://community.cisco.com/t5/network-access-control/acs-3-1-group-problem/m-p/203809#M438079 mhoda 2003-05-29T14:04:44Z https://community.cisco.com/t5/network-access-control/acs-3-1-group-problem/m-p/203810#M438081 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P>I am using ACS 3.2 with Win2K AD and group mappings to four AD user groups.</P><P></P><P>I had tried NAR feature but it does not seem to do any sort of filtering. I can still authenticate with users from other mapped groups to all the AAA clients even though the group NAR specifically permits only certain AAA clients and denies all other.</P><P></P><P>Any suggestions?</P><P></P><P>Regards</P><P>Biju</P></BODY></HTML> Sun, 11 Jan 2004 07:38:54 GMT https://community.cisco.com/t5/network-access-control/acs-3-1-group-problem/m-p/203810#M438081 bhameed 2004-01-11T07:38:54Z