Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Downloadable IP ACL with AS5350

with the installation of the newest ACS, for Radius authorisation the use of downloadable IP ACLs has been implemented.

However on the AS5350 I see that it does n't recognise this feature (I'm using the IOS 12.4.12, following the cisco site this feature should be known)

Can anybody tell me what I do have to configure on the AS5350, so that it recognises this attribute

ON the cisco site, I cannot find any link between these ACLs and the AS5350.

Thanks for helping me.

Ellen

3 REPLIES

Re: Downloadable IP ACL with AS5350

Hi Ellen

I'll suggest to disregard the Downloadable ACL's. I'm mailing you an alternative way to configure this using 'cisco av-pair'

Go to 'Interface Configuration' ->'RADIUS (Cisco IOS/PIX)'

User Group [026/009/001] cisco-av-pair

Select cisco-av-pair on the Group basis.

Now Go to group settings for that group

Jump to -> RADIUS (CISCO IOS/PIX)

There under [009\001] cisco-av-pair , list box add the following:

Example :

ip:inacl#1=deny tcp 10.8.105.0 0.0.0.255 any eq http

ip:inacl#2=permit ip any any

Try this and let me know.

Regards,

~JG

Please rate if helps

New Member

Re: Downloadable IP ACL with AS5350

Hi JG,

sorry for the late reply, but I was not in the office for 3 weeks.

The people that are managing the Radius server are not willing to implement AV pairs.

The want to to know whether downloadable ACL can be used with AS5350? (before wanting to try your alternative)

Can you tell me whether this feature is available with AS5350?

Thanks.

Ellen

Re: Downloadable IP ACL with AS5350

Ellen,

On 5300 we need min IOS IOS 12.3(8)T or later to support it. I'm not sure if we have code for AS5350.

If you'd like to see some examples, here is a link which sort of describes some examples

of what the radius av-pair looks like.

http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps5207/products_feat

ure_guide09186a00801ede8b.html#wp1047714

Else use inacl attribute:

http://www.cisco.com/en/US/partner/products/ps6350/products_command_referenc

e_chapter09186a008042f6b4.html#wp1017169

Regards,

168
Views
0
Helpful
3
Replies
CreatePlease to create content