Hello Jerome, If you have not configured any settings for the user on the ACS, then the other looks for these attributes in other places. The immediate next place it will look for the group-lock attribute is under the "group-policy" to which the user is assinged to.
If it doesn't find it there, it will check the group-policy that you have defined as the default-group-policy(under the tunnel general -attributes configuration ). So, if you add the *group-lock *command to the group-policy, then IMO it should still work. Cheers, TacACK
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
