02-12-2008 02:58 AM - edited 03-10-2019 03:39 PM
Hi
I am trying to implement "Downloadable IP ACL" between a 3560 (IOS 12.2(35)SE1) and an ACS Appliance 4.1.3.12, using RADIUS authentication of a user that wants to connect to the switch.
The authentication works fine and I can log in to the switch without problem.
In the ACS log, and if you do a debug radius on the switch, you see that the "Downloadable IP ACL" functionality is correctly used, but nothing happens on the switch.
If you try to show the applied access list, you see nothing.
I just want to know if it's possible to do that, and if you have a solution to implement this?
Thanks for your help
02-18-2008 07:23 AM
From what I see at
http://www.cisco.com/univercd/cc/td/doc/product/vpn/vpn3000/4_0/admon/dynfilt.htm#2006410,
the 3000 can deal with what ACS sends if it's in the format on the IOS/PIX Radius attributes screen or the PIX ACLs screen, not the "Downloadable IP ACLs" screen.
02-18-2008 07:53 AM
That's correct. This will be added onto in an upcoming release so that you can do it either way.
02-18-2008 08:06 AM
Thanks for your help, I will try again to implement the solution with [009\001] cisco-av-pair.
But I tried to do this last time and it seems that it doesn't work fine, but I will test another time.
Thanks
02-20-2008 01:31 AM
Hi
I have tried to implement the solution with cisco-av-pair but it doesn't work when I connect to the switch with a username created on the ACS.
Do you know if there are different parameters to change? On the ACS? Or on the switch?
I have tried to implement such things as
-- aaa authorization configuration
-- settings on ACS like Service Type,...
but nothing works fine.
If you have any other idea?
Thanks
02-20-2008 05:05 AM
How is the user connecting to the switch? With 802.1X?