Filter
Top Products
7-13
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Chapter 7 Setting Up and Managing User Accounts
Basic User Setup Options
Typically, you define (shared) NARs from within the Shared Components section
so that these restrictions can be applied to more than one group or user. For more
information, see the “Shared Network Access Restrictions Configuration” section
on page 5-7. You must have selected the User-Level Shared Network Access
Restriction check box on the Advanced Options page of the Interface
Configuration section for this set of options to appear in the Cisco Secure ACS
HTML interface.
However, Cisco Secure ACS also enables you to define and apply a NAR for a
single user from within the User Setup section. You must have enabled the
User-Level Network Access Restriction setting under the Advanced Options page
of the Interface Configuration section for single user IP-based filter options and
single user CLI/DNIS-based filter options to appear in the Cisco Secure ACS
HTML interface.
Note When an authentication request is forwarded by proxy to a Cisco Secure ACS,
any NARs for TACACS+ requests are applied to the IP address of the
forwarding AAA server, not to the IP address of the originating AAA client.
To set NARs for a user, follow these steps:
Step 1 Perform Steps 1 through 3 of the “Adding a Basic User Account” section on
page 7-5.
Result: The User Setup Edit page opens. The username being added or edited
appears at the top of the page.
Step 2 To apply a previously configured shared NAR to this user, follow these steps:
Note To apply a shared NAR, you must previously have configured it under
Network Access Restrictions in the Shared Profile Components
section. For more information, see the “Shared Network Access
Restrictions Configuration” section on page 5-7.
a. Select the Only Allow network access when check box.