
Using NAR to restrict users to a location (Aironet AP)

jcrkelly
Level 1

Hello,

We have multiple sites, with multiple APs (1100s & 1200s mostly). We would like to be able to restrict RADIUS users to specific sites or even specific APs within a site.

Each site has its own unique subnet (i.e., site 1 is 10.100.1.0/24 and site 2 is 10.101.1.0/24).

We have created NDGs for each site, and included all the APs in those NDGs, but any attempt to use the site's subnet info to restrict the client to that site alone has resulted in an 'all or nothing' scenario -- which is to say either it doesn't restrict them to only the one site, or it prevents them from accessing even when at that one desired site.

Quick breakdown of topology:

Client PC - 1200AP - 2924 - ... - BBSM 5.3 - Cisco ACS 3.2 win2k

Any help is appreciated... we have reviewed the ACS user guide for the NAR & Group Management sections to no avail.

1 Reply

simonstoll
Level 1

Hi

You can do so by defining "Per Group Defined Network Access Restriction". You have to enable "Define IP-based access restrictions"; there you can add your NDG with a port of * and an Address of *.

That way it works fine in our network. If you want to make the restriction even more granular, you can do so by setting the cisco-av-pair (attribute 009/001) to

ssid=ssidname

That way the user can only log in on the specific AP to a specific (or a list of) SSID.

Hope that helps.