04-14-2009 06:14 AM - edited 03-10-2019 04:26 PM
Hi all!
I have a problem with configuration of Network Access Restriction.
I set the feature via Shared Profile Component and Group Level NAR also, but none of them works.
My test AAA client is a VASCO RADIUS Client Simulator. I thought that this software doesn't send the proper RADIUS attributes, but the behaviour of ACS is never prohibitive, but sometimes it should be.
I tried it with version 3.2 and 4.2 also.
Is there a trick or something I messed up?
Thank you for the answers!
04-14-2009 06:25 AM
NAR works on the basis of attributes sent by the AAA client.
IP-based NAR filters work only if ACS receives the RADIUS Calling-Station-Id (31) attribute. The Calling-Station-Id (31) must contain a valid IP address. If it does not, it will fall over to DNIS rules.
See this link
Regards,
~JG
Do rate helpful posts
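As an added example (not part of the original post and not Cisco code), this Python script parses a RADIUS Access-Request per RFC 2865 and reports whether Calling-Station-Id (31) carries a valid IP address, which is the condition the answer above gives for IP-based NAR filters. The function names are hypothetical and the packets are constructed samples.

```python
import ipaddress
import struct

CALLED_STATION_ID = 30    # RFC 2865 attribute types
CALLING_STATION_ID = 31

def parse_attributes(packet: bytes) -> dict:
    """Return {type: [values]} from a RADIUS packet (RFC 2865 layout)."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad length field")
    attrs, pos = {}, 20   # attributes start after the 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs.setdefault(atype, []).append(packet[pos + 2:pos + alen])
        pos += alen
    return attrs

def nar_filter_type(packet: bytes) -> str:
    """'ip' if Calling-Station-Id holds a valid IP address, else 'cli/dnis'
    (the fallback described in the post; labels are this example's own)."""
    for raw in parse_attributes(packet).get(CALLING_STATION_ID, []):
        try:
            ipaddress.ip_address(raw.decode("ascii").strip())
            return "ip"
        except (UnicodeDecodeError, ValueError):
            continue
    return "cli/dnis"

def build_request(attrs) -> bytes:
    """Constructed Access-Request (code 1) with a zeroed authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", 1, 1, 20 + len(body)) + bytes(16) + body

# Constructed samples: a NAS sending an IP, an AP sending MACs, a bare request.
router_req = build_request([(1, b"miki"), (31, b"192.0.2.10")])
ap_req = build_request([(1, b"miki"), (30, b"00-11-22-33-44-55:lab"),
                        (31, b"AA-BB-CC-DD-EE-FF")])
bare_req = build_request([(1, b"miki")])

if __name__ == "__main__":
    for name, req in [("router", router_req), ("ap", ap_req), ("bare", bare_req)]:
        print(name, "->", nar_filter_type(req))
```

Running it against a capture of what a test client actually sends shows whether attribute 31 is present and in which form before any NAR rules are debugged.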
04-14-2009 06:49 AM
Would it be a problem if I use RADIUS (IETF) "Authentication using" in the Network Configuration in ACS for the Wireless AP? The production environment contains this configuration, and another device with TACACS+ configuration.
04-14-2009 07:05 AM
For wireless users you need to use CLIS/DNIS based access restriction.
If you use RADIUS IETF for the wireless AP, basic authentication should work, but the issue would be with the authorization part.
Regards,
~JG
04-15-2009 04:31 AM
Thank you for your answers. If I use CLIS/DNIS based access restriction, it works, but in the case of the router it also works only with CLIS/DNIS based access restriction. It's interesting to me.
Regards,
Miki