Configuring Authorisations

Unanswered Question
Jan 17th, 2003
I have a basic AAA question...


Is it possible with RADIUS to restrict access to certain resources for specific users? In other words, how do I configure an access list on the RADIUS that can be applied to users dialling into the network?


Can these work with Dial-Up (AS5300 & c3600), VPN and WLAN?


Thanks for your help...

a.mayat Tue, 01/21/2003 - 09:09

Thanks very much for your response...


I have tried to follow the doc through but it has been written for ACS 2.3 Unix, rather than Windows 3.1. However, I think the procedure is similar.


The [11] Filter-Id field allows for the input of an ACL number and the direction it works in.


Do you know if there is any more up-to-date documentation with a working example that shows where the ACL entries are written, e.g. permit 10.0.0.0?


Also, do you know if Shiva equipment is able to understand the filter-Id attribute?


Thanks for your help

a.mayat Thu, 02/06/2003 - 03:34

I am still having problems with this...


The above links show how you can enable authorisations by having an ACL defined in the NAS and the name referenced in ACS.


What I need to be able to do is restrict access for certain users to specific servers only. Can this be done with all the configurations held on the ACS instead of the NAS?


Having an ACL on the NAS is unmanageable, as we have many NAS devices.


Any suggestions?


Thanks again for your help

4brown Thu, 02/06/2003 - 06:50

You can use per-user virtual profiles and assign the ACLs to the user, such as:


RADIUS user profile: foo
Password = "bar"
User-Service-Type = Framed-User,
Framed-Protocol = PPP,
cisco-avpair = "ip:inacl#1=deny 10.10.10.10 0.0.0.0"


You assign the avpair under the custom attributes section. This works when virtual profiles are configured in the NAS. For an example of how, search on the Cisco site for virtual profiles.
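Added example, not part of the thread or any poster's configuration: a small generator that turns a per-user list of permitted servers into numbered `ip:inacl#N` avpairs in the profile layout shown above, ending with an explicit deny so the whole policy stays on the RADIUS server. It assumes the NAS accepts extended-ACL syntax in the avpair value; the function names, user, password and documentation-range addresses are constructed for illustration.

```python
import ipaddress


def acl_target(dest):
    """Return the IOS destination clause for one IPv4 host or CIDR network."""
    # strict=True rejects entries such as 10.1.2.3/24 (host bits set), which
    # usually indicate a typo that would silently widen or shift the rule.
    net = ipaddress.ip_network(dest, strict=True)
    if net.version != 4:
        raise ValueError("IPv4 destinations only: %s" % dest)
    if net.prefixlen == 32:
        return "host %s" % net.network_address
    # ipaddress' hostmask is the inverse netmask, i.e. the IOS wildcard mask.
    return "%s %s" % (net.network_address, net.hostmask)


def inacl_avpairs(allowed):
    """Numbered ip:inacl entries: permit each destination, then deny the rest."""
    entries = ["permit ip any %s" % acl_target(d) for d in allowed]
    entries.append("deny ip any any")  # explicit final deny (assumed ACL form)
    return ['cisco-avpair = "ip:inacl#%d=%s"' % (n, e)
            for n, e in enumerate(entries, 1)]


def user_profile(user, password, allowed):
    """Render a profile in the same layout as the one posted in the thread."""
    lines = [
        "RADIUS user profile: %s" % user,
        'Password = "%s"' % password,
        "User-Service-Type = Framed-User,",
        "Framed-Protocol = PPP,",
    ]
    pairs = inacl_avpairs(allowed)
    # Every reply item except the last carries a trailing comma.
    lines += [p + "," for p in pairs[:-1]] + [pairs[-1]]
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample policy: one server plus one server subnet.
    print(user_profile("foo", "example-only", ["192.0.2.10", "198.51.100.0/24"]))
```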




