Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
675
Views
0
Helpful
1
Replies

Group NAR for ACS 4.2 help needed

iceteanolemon
Level 5
Level 5

‎05-23-2012 03:07 PM - edited ‎03-10-2019 07:07 PM

                  I have a problem implementing a NAR for a specific device group. I am running Cisco ACS 4.2 and it works fine for all the other stuff I do but this issue is perplexing me a bit.

I have a device group with Juniper devices in it and I authenticate using RADIUS (Juniper) as the radius setting.

I have a Administration user group set up.

I placed a NAR into the group "Per Group Defined Network Access Restrictions" specific to the device group with * for port and address

I placed this group into both the Define IP-Based as well as the Define CLI/DNIS-based section.

No matter what I do I keep getting authenticated.

When I go to the passed authentications page I see my login and the group-name is identified correctly and the network device group is identified correctly too. The filter says "no filters activated".

So how can I get this NAR to kick in? I would like to restrict one device group from a ACS user group.

Thanks for any information you can provide!

Labels:
0 Helpful
1 Reply 1

Jatin Katyal
Cisco Employee
Cisco Employee

‎05-23-2012 04:45 PM

I think this is duplicate post of 

https://supportforums.cisco.com/message/3643048#3643048

Regards,

Jatin

~Jatin
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents