Downloadable IP ACL with ACS and 3560?

Unanswered Question
Feb 12th, 2008


I am trying to implement "Downloadable IP ACL" between a 3560 (IOS 12.2(35)SE1) and an ACS Appliance using RADIUS authentication of a user that wants to connect to the switch.

The authentication works fine and I can log in to the switch without a problem.

In the ACS log, and if you do a debug radius on the switch, you see that the "Downloadable IP ACL" functionality is correctly used, but nothing happens on the switch.

If you try to show the access list applied, you see nothing.

I just want to know if it's possible to do that and if you have a solution to implement this?

Thanks for your help

jafrazie Mon, 02/18/2008 - 07:53

That's correct. This will be added onto in an upcoming release so that you can do it either way.

s.berthier Mon, 02/18/2008 - 08:06

Thanks for your help, I will try again to implement the solution with [009\001] cisco-av-pair.

But I tried to do this last time and it seems that it doesn't work fine, but I will test another time.


s.berthier Wed, 02/20/2008 - 01:31


I have tried to implement the solution with cisco-av-pair but it doesn't work when I connect to the switch with a username created on the ACS.

Do you know if there are different parameters to change, on the ACS or on the switch?

I have tried to implement things like

-- aaa authorization configuration

-- settings on ACS like Service Type,...

but nothing works fine.

Do you have any other ideas?


