Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
516
Views
0
Helpful
2
Replies

MAC and NAR

eir-dialint
Level 1
Level 1

‎08-19-2005 07:39 AM - edited ‎03-10-2019 02:16 PM

hello All,

is there a way of using Cisco ACS 3.3 on Win2k server to use the CLI part of a NAR to restrict access based upon users MAC address? I have a Cisco Router forwarding on radius requests to the ACS.

Thanks,

Russell.

Labels:
0 Helpful
2 Replies 2

pradeepde
Level 5
Level 5

‎08-24-2005 12:09 PM

You can use NAR to restrict access based on values other than CLIs, such as an IP address or MAC address; for information, see http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a0080102173.html#277

0 Helpful

eir-dialint
Level 1
Level 1
In response to pradeepde

‎08-25-2005 02:28 AM

Thanks,

I have seen this documentation already and this is what prompted me to try and implement this. I have tried specifying the clients MAC address in the CLI field in a non IP NAR. However this does not work. I have looked at the radius accounting logs and the MAC address is not being presented in the calling station id radius attribute. So I need to try and clarify how implement what Cisco say the link you gave me. See below

"However, by entering an IP address in place of the CLI you can use the non-IP-based filter even when the AAA client does not use a Cisco IOS release that supports CLI or DNIS. In another exception to entering a CLI, you can enter a MAC address to permit or deny"

0 Helpful
Customers Also Viewed These Support Documents