Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
471
Views
0
Helpful
1
Replies

Network Access Restrictions - ACS

antonios
Level 1
Level 1

‎07-09-2008 07:18 AM - edited ‎02-21-2020 10:21 AM

hi ,

Was wondering if anyone could help. I am wanting to configure groups of users in ACS so that for example a VPN user is not allowed to access management of network devices.

I have setup NAR , with groups of NAS devices, and find that NAR works well with switches, with the PIX firewall however i find that the NAR configuration does not work. I see that the Switch sends a Calling-Station-Id", the PIX does not seem to send this and i am wondering if this could be causing the issue.

Any ideas around this would be great thanks.

Labels:
0 Helpful
1 Reply 1

Jagdeep Gambhir
Level 10
Level 10

‎07-09-2008 09:26 AM

I recommend configuring both IP-based NAR's and CLI/DNIS-based NAR's at the same time.

Some devices send a NAS-Port attribute as an IP address, and some devices send as a phone number or something else. It's easiest to just

configure the top and bottom sections at the same time. If you only want to deny access to one device, just configure a 'deny' with that device listed in the "NAS" section and all other devices will be permitted by default.

After you select the appropriate NAS in both sections, fill in all fields with an asterisk '*'. In other words, the Port and Address fields in IP-Based will have a *, and Port, CLI, and DNIS in CLI-Based will also have a *.

This configuration should work for you.

Regards,

~JG

Do rate helpful posts

0 Helpful
Customers Also Viewed These Support Documents