topic Cisco ASA + FreeRadius: Downloadable ACL configuration in Network Security https://community.cisco.com/t5/network-security/cisco-asa-freeradius-downloadable-acl-configuration/m-p/2537297#M237232 <P style="margin-bottom: 1em; padding: 0px; border: 0px; font-size: 14px; vertical-align: baseline; clear: both; color: rgb(0, 0, 0); font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; line-height: 17.804800033569336px; background-image: initial; background-attachment: initial; background-size: initial; background-origin: initial; background-clip: initial; background-position: initial; background-repeat: initial;">VPN users that are using FreeRadius are having access to all VLANs. VPN users using local authentication have local ACLs applied to their access.</P> <P style="margin-bottom: 1em; padding: 0px; border: 0px; font-size: 14px; vertical-align: baseline; clear: both; color: rgb(0, 0, 0); font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; line-height: 17.804800033569336px; background-image: initial; background-attachment: initial; background-size: initial; background-origin: initial; background-clip: initial; background-position: initial; background-repeat: initial;">I need to know what configuration change I need to make (on ASA or FreeRadius) to have the same ACLs (locally configured on the ASA) applied to the FreeRadius authenticated VPN users.</P> <P style="margin-bottom: 1em; padding: 0px; border: 0px; font-size: 14px; vertical-align: baseline; clear: both; color: rgb(0, 0, 0); font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; line-height: 17.804800033569336px; background-image: initial; background-attachment: initial; background-size: initial; background-origin: initial; background-clip: initial; background-position: initial; background-repeat: initial;">FreeRadius users file configuration:</P> <PRE style="padding: 5px; border: 0px; font-size: 14px; vertical-align: baseline; font-family: Consolas, Menlo, Monaco, 'Lucida Console', 'Liberation Mono', 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Courier New', monospace, serif; overflow: auto; width: auto; max-height: 600px; word-wrap: normal; color: rgb(0, 0, 0); line-height: 17.804800033569336px; background: rgb(238, 238, 238);"> <CODE style="margin: 0px; font-size: 14px; vertical-align: baseline; font-family: Consolas, Menlo, Monaco, 'Lucida Console', 'Liberation Mono', 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Courier New', monospace, serif; white-space: inherit; background: rgb(238, 238, 238);">cisco Auth-Type := System Service-Type = NAS-Prompt-User, cisco-avpair = "shell:priv-lvl=15" </CODE></PRE> <P style="margin-bottom: 1em; padding: 0px; border: 0px; font-size: 14px; vertical-align: baseline; clear: both; color: rgb(0, 0, 0); font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; line-height: 17.804800033569336px; background-image: initial; background-attachment: initial; background-size: initial; background-origin: initial; background-clip: initial; background-position: initial; background-repeat: initial;">Please provide me with steps and configuration examples to specify which VLAN FREERADIUS VPN users can have access to.</P> <P style="margin-bottom: 1em; padding: 0px; border: 0px; font-size: 14px; vertical-align: baseline; clear: both; color: rgb(0, 0, 0); font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; line-height: 17.804800033569336px; background-image: initial; background-attachment: initial; background-size: initial; background-origin: initial; background-clip: initial; background-position: initial; background-repeat: initial;">What lines could I add to the users file to accomplish this? Do I need to specify a different service-type or auth-type? Are there any settings on the ASA to enable to enforce local ACLs for FreeRadius authenticated users?</P> <P style="margin-bottom: 1em; padding: 0px; border: 0px; font-size: 14px; vertical-align: baseline; clear: both; color: rgb(0, 0, 0); font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; line-height: 17.804800033569336px; background-image: initial; background-attachment: initial; background-size: initial; background-origin: initial; background-clip: initial; background-position: initial; background-repeat: initial;">Thanks in advance for all suggestions.</P> Tue, 12 Mar 2019 04:22:30 GMT aminx21234 2019-03-12T04:22:30Z Cisco ASA + FreeRadius: Downloadable ACL configuration https://community.cisco.com/t5/network-security/cisco-asa-freeradius-downloadable-acl-configuration/m-p/2537297#M237232 <P style="margin-bottom: 1em; padding: 0px; border: 0px; font-size: 14px; vertical-align: baseline; clear: both; color: rgb(0, 0, 0); font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; line-height: 17.804800033569336px; background-image: initial; background-attachment: initial; background-size: initial; background-origin: initial; background-clip: initial; background-position: initial; background-repeat: initial;">VPN users that are using FreeRadius are having access to all VLANs. VPN users using local authentication have local ACLs applied to their access.</P> <P style="margin-bottom: 1em; padding: 0px; border: 0px; font-size: 14px; vertical-align: baseline; clear: both; color: rgb(0, 0, 0); font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; line-height: 17.804800033569336px; background-image: initial; background-attachment: initial; background-size: initial; background-origin: initial; background-clip: initial; background-position: initial; background-repeat: initial;">I need to know what configuration change I need to make (on ASA or FreeRadius) to have the same ACLs (locally configured on the ASA) applied to the FreeRadius authenticated VPN users.</P> <P style="margin-bottom: 1em; padding: 0px; border: 0px; font-size: 14px; vertical-align: baseline; clear: both; color: rgb(0, 0, 0); font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; line-height: 17.804800033569336px; background-image: initial; background-attachment: initial; background-size: initial; background-origin: initial; background-clip: initial; background-position: initial; background-repeat: initial;">FreeRadius users file configuration:</P> <PRE style="padding: 5px; border: 0px; font-size: 14px; vertical-align: baseline; font-family: Consolas, Menlo, Monaco, 'Lucida Console', 'Liberation Mono', 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Courier New', monospace, serif; overflow: auto; width: auto; max-height: 600px; word-wrap: normal; color: rgb(0, 0, 0); line-height: 17.804800033569336px; background: rgb(238, 238, 238);"> <CODE style="margin: 0px; font-size: 14px; vertical-align: baseline; font-family: Consolas, Menlo, Monaco, 'Lucida Console', 'Liberation Mono', 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Courier New', monospace, serif; white-space: inherit; background: rgb(238, 238, 238);">cisco Auth-Type := System Service-Type = NAS-Prompt-User, cisco-avpair = "shell:priv-lvl=15" </CODE></PRE> <P style="margin-bottom: 1em; padding: 0px; border: 0px; font-size: 14px; vertical-align: baseline; clear: both; color: rgb(0, 0, 0); font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; line-height: 17.804800033569336px; background-image: initial; background-attachment: initial; background-size: initial; background-origin: initial; background-clip: initial; background-position: initial; background-repeat: initial;">Please provide me with steps and configuration examples to specify which VLAN FREERADIUS VPN users can have access to.</P> <P style="margin-bottom: 1em; padding: 0px; border: 0px; font-size: 14px; vertical-align: baseline; clear: both; color: rgb(0, 0, 0); font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; line-height: 17.804800033569336px; background-image: initial; background-attachment: initial; background-size: initial; background-origin: initial; background-clip: initial; background-position: initial; background-repeat: initial;">What lines could I add to the users file to accomplish this? Do I need to specify a different service-type or auth-type? Are there any settings on the ASA to enable to enforce local ACLs for FreeRadius authenticated users?</P> <P style="margin-bottom: 1em; padding: 0px; border: 0px; font-size: 14px; vertical-align: baseline; clear: both; color: rgb(0, 0, 0); font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; line-height: 17.804800033569336px; background-image: initial; background-attachment: initial; background-size: initial; background-origin: initial; background-clip: initial; background-position: initial; background-repeat: initial;">Thanks in advance for all suggestions.</P> Tue, 12 Mar 2019 04:22:30 GMT https://community.cisco.com/t5/network-security/cisco-asa-freeradius-downloadable-acl-configuration/m-p/2537297#M237232 aminx21234 2019-03-12T04:22:30Z