cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

464
Views
0
Helpful
1
Replies
iceteanolemon
Contributor

Group NAR for ACS 4.2 help needed

                  I have a problem implementing a NAR for a specific device group. I am running Cisco ACS 4.2 and it works fine for all the other stuff I do but this issue is perplexing me a bit.

I have a device group with Juniper devices in it and I authenticate using RADIUS (Juniper) as the radius setting.

I have a Administration user group set up.

I placed a NAR into the group "Per Group Defined Network Access Restrictions" specific to the device group with * for port and address

I placed this group into both the Define IP-Based as well as the Define CLI/DNIS-based section.

No matter what I do I keep getting authenticated.

When I go to the passed authentications page I see my login and the group-name is identified correctly and the network device group is identified correctly too. The filter says "no filters activated".

So how can I get this NAR to kick in? I would like to restrict one device group from a ACS user group.

Thanks for any information you can provide!

1 REPLY 1
Jatin Katyal
Cisco Employee

I think this is duplicate post of

https://supportforums.cisco.com/message/3643048#3643048

Regards,

Jatin

~Jatin
Content for Community-Ad