I am currently using 2 AS5300s with 4 PRIs each. The AS5300 are doing AAA to Cisco ACS server via RADIUS. I am currently allocation address via an NT server running DHCP services. This has worked fine and dandy for over a year now, but of course things change. Managment now wants to limit where folks go when they dial into the network. My answer to this was/is to allocate addresses via Group/User and then apply access list againsts these addresses. I have been wrestling with this for about 3 days know and I can't seem to get it to work. I have four IP pools on the AS5300 and I have confiqured four goups in ACS and created a user in each group. When I dial into the AS5300 as one of these users I get an error "computer did not assign an address". Does anyone out there have this working, either with this set up or doing it another way?
Another way to do that is "per-user access-lists"..So when user get authenticated, radius server will send access-lists for that user to access server.. You can share those access-lists (av pairs) for a whoe group of users.
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.