Downloadable ACL on Cisco IOS router (from ACS) ?

Unanswered Question
Jun 16th, 2010
User Badges:


(I am a bit new to some of the IOS Security features)

Is it possible to "download" and ACL from TACACS+ (ACS 5.1) OR RADIUS AV Pairs ?

       I know that the lists can be configured on ACS, but how are they applied on a IOS router ?

I have read about "lock and key ACL" , but the examples I have seen only use ACS to authenticate.

Also, if the lists can be downloaded, WHERE can they be applied ? Would it be limited to vty ?

         What I ultimately want, is to have an ACL applied per user, when VPN users login to the crypto map / Tunnel interface.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
shahedvoicerite Thu, 06/17/2010 - 02:12
User Badges:

Thanks, but I already know that it IS possible in ACS.

My question is how do I *USE* this on an IOS router like a 2811. (As opposed to a PIX/ASA)

i.e What IOS commands do I enter, and where can I enter them, to make use of such ACLs.

I cant seem to find any docs on this, and the only "lock and key" dACL example, does not show how to download the ACL

from ACS.

At this point, I am not sure if this feature is even supported on IOS routers, or if its only for PIX/ASA



This Discussion