01-19-2009 02:54 PM - edited 03-10-2019 04:17 PM
Hi,
Could please someone answer two questions regarding ACS Express 5.0:
- does it support downloadable ACLs (for IOS auth proxy / ASA AAA Network Access)? As I can see from the documentation, at least not in the form ACS supports it, but can it be configured using AV pairs on per-user basis?
- can it use another RADIUS as external authentication database? Essentially what I need is to authenticate the user using "parent" ACS, but apply restrictions configured in local ACS Express.
Thank you!
02-03-2009 11:52 AM
To your first question: No.
To your second question: Yes, use the "One-Time-Password Server" external database option. This is really nothing more than a RADIUS request from ACS.
02-03-2009 12:31 PM
Thank you for the reply.
Could you please explain, why it is impossibble to use AV pairs on ACS Express to configure downloadable access lists. I found the following link explaining how to use AV pairs for it:
It is using regular ACS as an example, however it looks like ACS Express allows to configure AV pairs as well:
The only drawback I can see in using AV pairs instead of full Downloadable ACL support provided by ACS via Shared Objects, is that the access-list can be assigned on per-user basis, but only once, so it will be always same access-list for all clients.
Thank you!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide