Downloadable ACL Feature

Hi all,

This question is about using an ASA with ACS to utilize downloadable per-user ACLs.

I understand that the user-specific ACL gets downloaded from the ACS, but how can I determine to which interface this ACL is bound?

Is there a default setting, like: the interface the user is connecting to?

If so, can it be overridden?

Thanks in advance,

Oliver

Accepted Solutions

Re: Downloadable ACL Feature

Oliver

The ACL gets applied to the interface referenced in the following command:

aaa authentication include telnet -> inside <- 192.168.3.0 255.255.255.0 0 0 RADIUS

So in the above example the downloadable ACL would be applied to the inside interface.

aaa authentication include telnet -> outside <- 192.168.3.0 255.255.255.0 0 0 RADIUS

and in this one it would be applied to the outside interface.

Jon

Re: Downloadable ACL Feature

Jon,

Thanks for your fast and accurate reply; it was exactly what I wanted to know.

atb,

Oliver
