Downloadable ACL Feature

Answered Question
Jan 9th, 2008

Hi all,


this question is about using an ASA with ACS to utilize downloadable per-user ACLs.


I understand that the user-specific ACL gets downloaded from the ACS, but how can I determine to which interface this ACL is bound?


Is there a default setting, like: the interface the user is connecting to?


If so, can it be overridden?



Thanks in advance,


Oliver

Correct Answer by Jon Marshall about 9 years 4 months ago

Oliver


The ACL gets applied to the interface referenced in the following command:


aaa authentication include telnet -> inside <- 192.168.3.0 255.255.255.0 0 0 RADIUS


So in the above example the downloadable ACL would be applied to the inside interface


aaa authentication include telnet -> outside <- 192.168.3.0 255.255.255.0 0 0 RADIUS


and in this one it would be applied to the outside interface.


Jon
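
To check a saved configuration against the answer above, the following added example (not part of the original thread and not Cisco code) parses `aaa authentication include` rules and groups them by the interface named in each rule, which is where the answer says the downloadable ACL is applied. The sample config is constructed from the two commands quoted in the answer; the function names and the extra `hostname` and `exclude` lines are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the two rules from the answer, written without the
# "-> <-" emphasis arrows, plus a hostname line and an exclude rule.
SAMPLE_CONFIG = """\
hostname asa-example
aaa authentication include telnet inside 192.168.3.0 255.255.255.0 0 0 RADIUS
aaa authentication include telnet outside 192.168.3.0 255.255.255.0 0 0 RADIUS
aaa authentication exclude telnet inside 192.168.3.10 255.255.255.255 0 0 RADIUS
"""

# service, interface, local net/mask, optional foreign net/mask, server group
RULE = re.compile(
    r"^aaa authentication (?P<action>include|exclude)\s+(?P<service>\S+)\s+"
    r"(?P<interface>\S+)\s+(?P<local_ip>\S+)\s+(?P<local_mask>\S+)\s+"
    r"(?:(?P<foreign_ip>\S+)\s+(?P<foreign_mask>\S+)\s+)?(?P<server>\S+)\s*$"
)

def parse_rules(config_text):
    """Return one dict per 'aaa authentication include/exclude' line."""
    rules = []
    for raw in config_text.splitlines():
        # Tolerate the "-> inside <-" emphasis markers used in the forum post.
        line = re.sub(r"\s*(->|<-)\s*", " ", raw).strip()
        match = RULE.match(line)
        if match:
            rules.append(match.groupdict())
    return rules

def dacl_interfaces(config_text):
    """Map interface name -> include rules whose users authenticate there."""
    bound = defaultdict(list)
    for rule in parse_rules(config_text):
        # Exclude rules exempt traffic from authentication, so they are skipped.
        if rule["action"] == "include":
            bound[rule["interface"]].append(
                (rule["service"], rule["local_ip"], rule["local_mask"], rule["server"])
            )
    return dict(bound)

if __name__ == "__main__":
    for interface, rules in dacl_interfaces(SAMPLE_CONFIG).items():
        for service, net, mask, server in rules:
            print(f"{interface}: {service} from {net} {mask} via {server}")
```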


Jon Marshall Wed, 01/09/2008 - 03:47
keller.oliver Wed, 01/09/2008 - 04:14
Jon,



thanks for your fast and accurate reply, it was exactly what I wanted to know.



atb,


Oliver
