Downloadable IP ACL with AS5350

Unanswered Question
Aug 9th, 2007
User Badges:

with the installation of the newest ACS, for Radius authorisation the use of downloadable IP ACLs has been implemented.

However on the AS5350 I see that it does n't recognise this feature (I'm using the IOS 12.4.12, following the cisco site this feature should be known)

Can anybody tell me what I do have to configure on the AS5350, so that it recognises this attribute

ON the cisco site, I cannot find any link between these ACLs and the AS5350.

Thanks for helping me.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jagdeep Gambhir Mon, 08/13/2007 - 05:38
User Badges:
  • Red, 2250 points or more

Hi Ellen

I'll suggest to disregard the Downloadable ACL's. I'm mailing you an alternative way to configure this using 'cisco av-pair'

Go to 'Interface Configuration' ->'RADIUS (Cisco IOS/PIX)'

User Group [026/009/001] cisco-av-pair

Select cisco-av-pair on the Group basis.

Now Go to group settings for that group


There under [009\001] cisco-av-pair , list box add the following:

Example :

ip:inacl#1=deny tcp any eq http

ip:inacl#2=permit ip any any

Try this and let me know.



Please rate if helps

verbruggen Mon, 09/03/2007 - 03:32
User Badges:

Hi JG,

sorry for the late reply, but I was not in the office for 3 weeks.

The people that are managing the Radius server are not willing to implement AV pairs.

The want to to know whether downloadable ACL can be used with AS5350? (before wanting to try your alternative)

Can you tell me whether this feature is available with AS5350?



Jagdeep Gambhir Tue, 09/04/2007 - 09:13
User Badges:
  • Red, 2250 points or more


On 5300 we need min IOS IOS 12.3(8)T or later to support it. I'm not sure if we have code for AS5350.

If you'd like to see some examples, here is a link which sort of describes some examples

of what the radius av-pair looks like.


Else use inacl attribute:




This Discussion