NAR will work on any NAS type, cause it's basically an ACS function, not a NAS thing. The reuqest simply comes in from the NAS, whether it's TACACS or Radius, and ACS then checks to see if this user/group is allowed to authenticate against this NAS. The NAS really has no idea any checking is going on, it just waits for a Pass or a Fail, and ACS will return a Fail even if the username/password is valid but the NAS is not listed as an acceptable one in the NAR. As far as the NAS is concerned, the username/password was incorrect.