Downloadable ACL on Cisco IOS router (from ACS) ?

shahedvoicerite
Level 1

Hi,

(I am a bit new to some of the IOS Security features.)

Is it possible to "download" an ACL from TACACS+ (ACS 5.1) or RADIUS AV pairs?

I know that the lists can be configured on ACS, but how are they applied on an IOS router?

I have read about "lock and key ACL", but the examples I have seen only use ACS to authenticate.

Also, if the lists can be downloaded, WHERE can they be applied? Would it be limited to vty?

What I ultimately want is to have an ACL applied per user when VPN users log in to the crypto map / Tunnel interface.

Thanks

2 Replies

Jatin Katyal
Cisco Employee

Yes, this is possible.

Creating, Duplicating, and Editing Downloadable ACLs
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/user/guide/pol_elem.html#wp1053438

For RADIUS you may use the Cisco A/V pair; the format of the ACL should be:

ip:inacl#=

"ip:inacl#1=permit tcp any any"

HTH

JK

Do rate helpful posts.

~Jatin
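As an added example (not code from the thread or from Cisco), a small Python check of the ip:inacl#N=<ace> Cisco-AVPair format described above: it reassembles the numbered entries in sequence order and rejects duplicate sequence numbers or entries that do not begin with permit/deny, so a malformed per-user attribute is caught before it is trusted. The AV-pair values and the ACL name are constructed sample data.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: Cisco-AVPair values as they might arrive in a RADIUS
# Access-Accept for one user (hypothetical data, not from the thread).
SAMPLE_AVPAIRS = [
    "ip:inacl#2=permit tcp any host 10.1.1.10 eq 443",
    "ip:inacl#1=permit udp any host 10.1.1.5 eq 53",
    "ip:inacl#3=deny ip any any log",
    "ip:addr-pool=VPNPOOL",  # unrelated attribute, ignored by the parser
]

# ip:inacl#<sequence>=<access-list entry>
INACL_RE = re.compile(r"^ip:inacl#(\d+)=(.+)$")
# Minimal ACE shape: action, protocol, source (the rest is passed through)
ACE_RE = re.compile(r"^(permit|deny)\s+\S+\s+\S+", re.IGNORECASE)


def parse_inacl(avpairs: List[str]) -> List[Tuple[int, str]]:
    """Extract ip:inacl#N=<ace> pairs and return them ordered by N.

    Raises ValueError on a duplicate sequence number or on an entry that
    does not start with permit/deny, rather than silently producing an
    ACL that differs from what the AAA server intended.
    """
    entries: Dict[int, str] = {}
    for pair in avpairs:
        m = INACL_RE.match(pair.strip())
        if not m:
            continue  # other vendor attributes are not ACL entries
        seq, ace = int(m.group(1)), m.group(2).strip()
        if seq in entries:
            raise ValueError(f"duplicate inacl sequence {seq}")
        if not ACE_RE.match(ace):
            raise ValueError(f"malformed ACE at #{seq}: {ace!r}")
        entries[seq] = ace
    return sorted(entries.items())


def render_acl(name: str, avpairs: List[str]) -> str:
    """Render the downloaded entries as an IOS-style named extended ACL
    for review or logging (the router itself applies the entries)."""
    lines = [f"ip access-list extended {name}"]
    for seq, ace in parse_inacl(avpairs):
        lines.append(f" {seq * 10} {ace}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_acl("dACL-demo", SAMPLE_AVPAIRS))
```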

Thanks, but I already know that it IS possible in ACS.

My question is how do I *USE* this on an IOS router like a 2811 (as opposed to a PIX/ASA)?

i.e. What IOS commands do I enter, and where can I enter them, to make use of such ACLs?

I can't seem to find any docs on this, and the only "lock and key" dACL example does not show how to download the ACL from ACS.

At this point, I am not sure if this feature is even supported on IOS routers, or if it's only for PIX/ASA.

Thanks
