Cisco Support Community

New Member

ACS Express 5.0 questions: downloadable ACL, RADIUS as an external database

Hi,

Could someone please answer two questions regarding ACS Express 5.0:

- Does it support downloadable ACLs (for IOS auth proxy / ASA AAA Network Access)? As far as I can see from the documentation, at least not in the form ACS supports it, but can it be configured using AV pairs on a per-user basis?

- Can it use another RADIUS server as an external authentication database? Essentially what I need is to authenticate the user using the "parent" ACS, but apply restrictions configured in the local ACS Express.

Thank you!

2 REPLIES
New Member

Re: ACS Express 5.0 questions: downloadable ACL, RADIUS as an ex

To your first question: No.

To your second question: Yes, use the "One-Time-Password Server" external database option. This is really nothing more than a RADIUS request from ACS.

New Member

Re: ACS Express 5.0 questions: downloadable ACL, RADIUS as an ex

Thank you for the reply.

Could you please explain why it is impossible to use AV pairs on ACS Express to configure downloadable access lists? I found the following link explaining how to use AV pairs for it:

http://www.cisco.com/en/US/products/sw/secursw/ps5338/products_configuration_guide_chapter09186a00801fd703.html#wp391111

It uses regular ACS as an example; however, it looks like ACS Express allows configuring AV pairs as well:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_express/5.0/user/guide/policy.html#wp1043805

The only drawback I can see in using AV pairs instead of the full Downloadable ACL support provided by ACS via Shared Objects is that the access list can be assigned on a per-user basis, but only once, so it will always be the same access list for all clients.

Thank you!
