08-28-2012 12:55 PM - edited 03-10-2019 07:28 PM
Hi Guys
I suffering a strange issue , I have two group users (wireless user , VPN users),
Supposed Wireless users only have access to wireless ,and VPN users just have access to connect VPN and they don’t have access wireless .
The issue VPN user can access wireless!!!!!
Notice I used ACS4.2 And Aruba controller
Is this bug in ACS 4.2 or what ? please advice
Solved! Go to Solution.
08-28-2012 01:12 PM
Hi,
NAR is based on matching attribute information sent by a AAA client. Therefore the format and content of the attributes that a AAA client
sends is important if we want to employ NARs effectively. It seems that the device ( on which the user tried to log on) is not able to send
attributes 30, 31 to the ACS server and therefore NAR is not getting applied.
Radius attributes 30 and 31 are required for ACS to process the NAR. This is why many third party devices do not work properly with ACS
NAR's. Also attribute 32 is used to identify the NAS under Network Configuration only if attribute 4 does not exist in the access-accept
packet. If attribute 4 exists, then 32 is ignored. In summary, attributes 4 and 32 are used to identify the NAS, and attributes 30 and
31 are used to filter based.
I would suggest you to use both IP base and CLI/DNIS base NAR and that should work fine.
Regards,
~JG
Do rate helpful posts!
08-28-2012 01:12 PM
Hi,
NAR is based on matching attribute information sent by a AAA client. Therefore the format and content of the attributes that a AAA client
sends is important if we want to employ NARs effectively. It seems that the device ( on which the user tried to log on) is not able to send
attributes 30, 31 to the ACS server and therefore NAR is not getting applied.
Radius attributes 30 and 31 are required for ACS to process the NAR. This is why many third party devices do not work properly with ACS
NAR's. Also attribute 32 is used to identify the NAS under Network Configuration only if attribute 4 does not exist in the access-accept
packet. If attribute 4 exists, then 32 is ignored. In summary, attributes 4 and 32 are used to identify the NAS, and attributes 30 and
31 are used to filter based.
I would suggest you to use both IP base and CLI/DNIS base NAR and that should work fine.
Regards,
~JG
Do rate helpful posts!
08-28-2012 10:17 PM
thank you veery match , it's working fine now .
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide