Cisco Support Community
Community Member

Downloadable IP ACL with ACS and 3560?

Hi

I am trying to implement "Downloadable IP ACL" between a 3560 (IOS 12.2(35)SE1) and an ACS Appliance 4.1.3.12, using RADIUS authentication of a user who wants to connect to the switch.

The authentication works fine and I can log in to the switch without problems.

In the ACS log, and if you do a debug radius on the switch, you see that the "Downloadable IP ACL" functionality is correctly used, but nothing happens on the switch.

If you try to show the access list applied, you see nothing.

I just want to know if it's possible to do that, and whether you have a solution to implement this.

Thanks for your help

5 REPLIES
Silver

Re: Downloadable IP ACL with ACS and 3560?

From what I see at

http://www.cisco.com/univercd/cc/td/doc/product/vpn/vpn3000/4_0/admon/dynfilt.htm#2006410,

the 3000 can deal with what ACS sends if it's in the format on the IOS/PIX Radius attributes screen or the PIX ACLs screen, not the "Downloadable IP ACLs" screen.

Cisco Employee

Re: Downloadable IP ACL with ACS and 3560?

That's correct. This will be added onto in an upcoming release so that you can do it either way.

Community Member

Re: Downloadable IP ACL with ACS and 3560?

Thanks for your help, I will try again to implement the solution with [009\001] cisco-av-pair.

But I tried to do this last time and it seems that it doesn't work well. I will test another time.

Thanks

Community Member

Re: Downloadable IP ACL with ACS and 3560?

Hi

I have tried to implement the solution with cisco-av-pair, but it doesn't work when I connect to the switch with a username created on the ACS.

Do you know if there are different parameters to change? On the ACS? Or on the switch?

I have tried to implement things like

-- aaa authorization configuration

-- settings on ACS like Service Type,...

but nothing works.

Do you have any other ideas?

Thanks

Cisco Employee

Re: Downloadable IP ACL with ACS and 3560?

How is the user connecting to the switch? With 802.1X?
