
Cisco ASA + FreeRadius: Downloadable ACL configuration

VPN users that are using FreeRadius have access to all VLANs. VPN users using local authentication have local ACLs applied to their access.

I need to know what configuration change I need to make (on ASA or FreeRadius) to have the same ACLs (locally configured on the ASA) applied to the FreeRadius authenticated VPN users.

FreeRadius users file configuration:

cisco   Auth-Type := System
        Service-Type = NAS-Prompt-User,
        cisco-avpair = "shell:priv-lvl=15"

Please provide me with steps and configuration examples to specify which VLAN FREERADIUS VPN users can have access to.

What lines could I add to the users file to accomplish this? Do I need to specify a different service-type or auth-type? Are there any settings on the ASA to enable to enforce local ACLs for FreeRadius authenticated users?

Thanks in advance for all suggestions.
