ACS Express 5.0 questions: downloadable ACL, RADIUS as an external database

Unanswered Question
Jan 19th, 2009
User Badges:


Could please someone answer two questions regarding ACS Express 5.0:

- does it support downloadable ACLs (for IOS auth proxy / ASA AAA Network Access)? As I can see from the documentation, at least not in the form ACS supports it, but can it be configured using AV pairs on per-user basis?

- can it use another RADIUS as external authentication database? Essentially what I need is to authenticate the user using "parent" ACS, but apply restrictions configured in local ACS Express.

Thank you!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
jhillend Tue, 02/03/2009 - 11:52
User Badges:
  • Bronze, 100 points or more

To your first question: No.

To your second question: Yes, use the "One-Time-Password Server" external database option. This is really nothing more than a RADIUS request from ACS.

pvladimirov Tue, 02/03/2009 - 12:31
User Badges:

Thank you for the reply.

Could you please explain, why it is impossibble to use AV pairs on ACS Express to configure downloadable access lists. I found the following link explaining how to use AV pairs for it:

It is using regular ACS as an example, however it looks like ACS Express allows to configure AV pairs as well:

The only drawback I can see in using AV pairs instead of full Downloadable ACL support provided by ACS via Shared Objects, is that the access-list can be assigned on per-user basis, but only once, so it will be always same access-list for all clients.

Thank you!


This Discussion