Solved: HI, I just got it working for

Bas Grabowsky · ‎02-27-2015

HI,

We are using ACS 5.5.

And what we would to achieve is:

A specific user (internal identity store) that logons to a Cisco router (could be more thene one).

Is only allowed access to this Cisco router if the user comes from a specific IP address (or MAC address).

This filter should prevent this specific user to logon from anywhere else.

So a logon with this specific user account from an IP address other then defined in the filter should fail.

And a logon with the specific user account from the IP adrress in the defined filter should be granted.

Many thanks.

Kanwaljeet Singh · ‎02-27-2015

Hi Bas,

You should create an END STATION FILTER and use it while creating the access-policy. That should restrict the access from that end station/device only.

Let me know if you have any further questions.

Regards,

Kanwal

Note: Please mark answers if they are helpful.

View solution in original post

Kanwaljeet Singh · ‎02-27-2015