https://community.cisco.com/t5/network-access-control/cisco-5350-user-based-authorization/m-p/343413#M432635 <HTML><HEAD></HEAD><BODY><P>Here's the relevant parts of my running-config:</P><P></P><P>aaa new-model</P><P>!</P><P>!</P><P>aaa authentication login default local group radius</P><P>aaa authentication ppp default group radius local</P><P>aaa authorization exec default local if-authenticated </P><P>aaa authorization network default local if-authenticated </P><P>aaa accounting update newinfo</P><P>aaa accounting network default start-stop group radius</P><P></P><P>username username access-class 110</P><P>username username autocommand ppp negotiate</P><P></P><P>access-list 110 deny ip any any</P><P></P><P>-------------------</P><P></P><P>I want to place an ACL directly on user username restricting IP access to specific IP addrs. W/this config, however, I can't get username to adopt access-list 110.</P><P></P><P>TIA for suggestions.</P><P></P></BODY></HTML> Tue, 01 Mar 2005 19:43:59 GMT jczaplewski 2005-03-01T19:43:59Z https://community.cisco.com/t5/network-access-control/cisco-5350-user-based-authorization/m-p/343410#M432630 <P>Have a 5350 communications server, using Radius to authenticate, but want to set an ACL on the Cisco side (local) to limit network communiations after PPP connection to one IP addr. I've tried multiple access-list commands, but have been unable to associate them w/the single user. Any suggestions? TIA.</P><P></P><P><A href="mailto:bennegl@shands.ufl.edu" target="_blank">bennegl@shands.ufl.edu</A></P> Sun, 10 Mar 2019 21:01:47 GMT https://community.cisco.com/t5/network-access-control/cisco-5350-user-based-authorization/m-p/343410#M432630 jczaplewski 2019-03-10T21:01:47Z https://community.cisco.com/t5/network-access-control/cisco-5350-user-based-authorization/m-p/343411#M432631 <HTML><HEAD></HEAD><BODY><P>As I see it, best option is to use ACLs.</P></BODY></HTML> Tue, 01 Mar 2005 17:15:17 GMT https://community.cisco.com/t5/network-access-control/cisco-5350-user-based-authorization/m-p/343411#M432631 2005-03-01T17:15:17Z https://community.cisco.com/t5/network-access-control/cisco-5350-user-based-authorization/m-p/343412#M432633 <HTML><HEAD></HEAD><BODY><P>Your post does not give us much to work with. If you could provide some more specifics - what is the topology, what addressing is used on the 5350 communications server, what addressing is assigned from the dial pool to dial in users, what access are you attempting to control, what have you tried in access lists and where and how did you apply them. If we knew these things we could help you better.</P><P></P><P>HTH</P><P></P><P>Rick</P></BODY></HTML> Tue, 01 Mar 2005 18:50:28 GMT https://community.cisco.com/t5/network-access-control/cisco-5350-user-based-authorization/m-p/343412#M432633 Richard Burts 2005-03-01T18:50:28Z https://community.cisco.com/t5/network-access-control/cisco-5350-user-based-authorization/m-p/343413#M432635 <HTML><HEAD></HEAD><BODY><P>Here's the relevant parts of my running-config:</P><P></P><P>aaa new-model</P><P>!</P><P>!</P><P>aaa authentication login default local group radius</P><P>aaa authentication ppp default group radius local</P><P>aaa authorization exec default local if-authenticated </P><P>aaa authorization network default local if-authenticated </P><P>aaa accounting update newinfo</P><P>aaa accounting network default start-stop group radius</P><P></P><P>username username access-class 110</P><P>username username autocommand ppp negotiate</P><P></P><P>access-list 110 deny ip any any</P><P></P><P>-------------------</P><P></P><P>I want to place an ACL directly on user username restricting IP access to specific IP addrs. W/this config, however, I can't get username to adopt access-list 110.</P><P></P><P>TIA for suggestions.</P><P></P></BODY></HTML> Tue, 01 Mar 2005 19:43:59 GMT https://community.cisco.com/t5/network-access-control/cisco-5350-user-based-authorization/m-p/343413#M432635 jczaplewski 2005-03-01T19:43:59Z