cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
427
Views
0
Helpful
1
Replies
Contributor

Group NAR for ACS 4.2 help needed

                  I have a problem implementing a NAR for a specific device group. I am running Cisco ACS 4.2 and it works fine for all the other stuff I do but this issue is perplexing me a bit.

I have a device group with Juniper devices in it and I authenticate using RADIUS (Juniper) as the radius setting.

I have a Administration user group set up.

I placed a NAR into the group "Per Group Defined Network Access Restrictions" specific to the device group with * for port and address

I placed this group into both the Define IP-Based as well as the Define CLI/DNIS-based section.

No matter what I do I keep getting authenticated.

When I go to the passed authentications page I see my login and the group-name is identified correctly and the network device group is identified correctly too. The filter says "no filters activated".

So how can I get this NAR to kick in? I would like to restrict one device group from a ACS user group.

Thanks for any information you can provide!

Everyone's tags (4)
1 REPLY 1
Highlighted
Cisco Employee

Group NAR for ACS 4.2 help needed

I think this is duplicate post of

https://supportforums.cisco.com/message/3643048#3643048

Regards,

Jatin

~Jatin Katyal