Trying to restrict users to a single device group, e.g. 172.17.*.*. I can get it to work fine using "Network Configuration -> Network Device Groups" but I can't set up overlapping NDGs.
Now I can't get NAR to restrict access.
** My NAR called "172.17-Europe" looks like
Define IP-based access restrictions - ticked
Table defines = Permitted Calling/Point of Access Locations
AAA Client = "All AAA Clients"
Port = *
Src IP Address = 172.17.*.*
** My group looks like
Only allow network access when - ticked
Any one selected NAR results in permit - selected
When I attempt to telnet and login to any 172.17 device, Failed Attempts.csv reports:
Message Type = Authen failed
Authen Failure Code = User Access Filtered
If I can get this working I then want to create additional NARs which are subsets of the 172.17 domain, e.g. 172.17.20-London or 172.17.*.1-Europe-routers.
Thanks in advance.