Cisco Support Community
Community Member

Using AAA to limit access rights

Hi there.

I have a 2611 router, IOS version 12.3(25), configured as a VPN server. I have already configured the IPsec parameters, users... and it is all working fine. But my customer needs to limit the access of one user that uses the same group and interface as the others. Is it possible to set up an AAA profile that matches some ACL to permit access to a few IP addresses, without an authentication server? I was thinking of a method to set up an ACL and implement it on the interface, but this will affect the traffic of the other users, since their external access addresses are dynamic (one time they are at home, another time they are at the remote office and so on). Any ideas? Thanks in advance.



Re: Using AAA to limit access rights

Go for downloadable ACLs. The following requirements must be met:

* The AAA client must use RADIUS for authentication.

* The AAA client must support downloadable IP ACLs.

Examples of Cisco devices that support downloadable IP ACLs are:

* PIX Firewalls.

* VPN 3000-series concentrators.

* Cisco devices running IOS version 12.3(8)T or greater.

Check the following link for your reference:



Do rate helpful posts

Community Member

Re: Using AAA to limit access rights

Hey, Gambhir!

This link is great! I am reading carefully to make sure that it solves my problem; be sure that I will rate your post. Tks a lot!

Best regards.

Community Member

Re: Using AAA to limit access rights

Hi Gambhir.

Really, this document is fine, but it does not solve my problem: my customer does not have a RADIUS server that could be available to run the service. Unfortunately, because it would be the perfect solution. Anyway, thanks a lot.

