ACS 4.2 access control

situwayne · ‎02-11-2014

Can I setup a user who may only be able to access from a specific IP address? For example: this user is only allowed access from 10.1.1.1, if source from anywhere else it would be denied.

In User Setup\Client IP Address Assignment\ what is the meaning "Assign static IP address" and how is it used?

What is Network Access Restrictions (NAR) and how is it being used?

Thanks.

Jatin Katyal · ‎02-11-2014

Assign static ip address would allow you to push framed-ip-address from the radius server. Doing this every time the iser connect via VPN will get the same ip address.

What protocol are you using, tacacs or radius? What kind of access is this administrative / vpn?

This can be done via NAR. Go to the user setup and configure NAR for that user only.

With IP based NAR

Src IP Address—Enter the IP address to filter on when performing access restrictions. You can use the asterisk (*) as a wildcard to specify all IP addresses.

You may go through the below listed document for more detail.

http://www.cisco.com/c/en/us/support/docs/security/secure-access-control-server-windows/91905-acs-nar.html

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin

Jatin Katyal · ‎02-26-2014

did that help you to reolve the issue?

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin