Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
393
Views
0
Helpful
3
Replies

Downloadable IP ACL with AS5350

verbruggen
Level 1
Level 1

‎08-09-2007 04:10 AM

with the installation of the newest ACS, for Radius authorisation the use of downloadable IP ACLs has been implemented.

However on the AS5350 I see that it does n't recognise this feature (I'm using the IOS 12.4.12, following the cisco site this feature should be known)

Can anybody tell me what I do have to configure on the AS5350, so that it recognises this attribute

ON the cisco site, I cannot find any link between these ACLs and the AS5350.

Thanks for helping me.

Ellen

Labels:
0 Helpful
3 Replies 3

Jagdeep Gambhir
Level 10
Level 10

‎08-13-2007 05:38 AM

Hi Ellen

I'll suggest to disregard the Downloadable ACL's. I'm mailing you an alternative way to configure this using 'cisco av-pair'

Go to 'Interface Configuration' ->'RADIUS (Cisco IOS/PIX)'

User Group [026/009/001] cisco-av-pair

Select cisco-av-pair on the Group basis.

Now Go to group settings for that group

Jump to -> RADIUS (CISCO IOS/PIX)

There under [009\001] cisco-av-pair , list box add the following:

Example :

ip:inacl#1=deny tcp 10.8.105.0 0.0.0.255 any eq http

ip:inacl#2=permit ip any any

Try this and let me know.

Regards,

~JG

Please rate if helps

0 Helpful

verbruggen
Level 1
Level 1
In response to Jagdeep Gambhir

‎09-03-2007 03:32 AM

Hi JG,

sorry for the late reply, but I was not in the office for 3 weeks.

The people that are managing the Radius server are not willing to implement AV pairs.

The want to to know whether downloadable ACL can be used with AS5350? (before wanting to try your alternative)

Can you tell me whether this feature is available with AS5350?

Thanks.

Ellen

0 Helpful

Jagdeep Gambhir
Level 10
Level 10
In response to verbruggen

‎09-04-2007 09:13 AM

Ellen,

On 5300 we need min IOS IOS 12.3(8)T or later to support it. I'm not sure if we have code for AS5350.

If you'd like to see some examples, here is a link which sort of describes some examples

of what the radius av-pair looks like.

http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps5207/products_feat

ure_guide09186a00801ede8b.html#wp1047714

Else use inacl attribute:

http://www.cisco.com/en/US/partner/products/ps6350/products_command_referenc

e_chapter09186a008042f6b4.html#wp1017169

Regards,

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents