Hi, I'm running two Radius clients (a C3005 and a web-server, i.e. an IETF client) and I want to restrict access of users/groups to them.
The problem I have is that when I'm using 'Ip based AR', no matter what I enter (permitted/denied, All Clients or a selection), all authentications are succesfull, and therefore not usable to me.
When I'm using a 'CLI/DNIS AR', the C3005 functions correctly (denied or allowed when applicable), but the web-server gets denied allways unless I'm configuring a 'permit all clients' entry (again, not usable to me...)
When looking at the ACS-logs (failed attempts) I see all entries are correct except for the NAS-port entry, which shows the username (odd...). The failure-code is 'User Access Filtered' (which is, considering the results, to be expected).
Anyone any ideas?
Grtz, Joost