Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1584
Views
0
Helpful
1
Replies

CSR1000v iVRF RADIUS attribute

flq06
Level 1
Level 1

‎04-11-2019 12:21 PM

Hello,

 

I've successfully setup the basis of SSLVPN on CSR1000v.

 

I'm using the "webvpn:addr-pool" to assign IPs to the clients which works great.

 

However I need to put users in specific VRFs based on the RADIUS policy.

 

I tried using the "webvpn:user-vpn-group" attribute but it seems deprecated:

 

*Apr 11 19:17:07.138: CRYPTO-SSL-AAA: addr-pool: Processing AV

*Apr 11 19:17:07.138: CRYPTO-SSL-AAA: Address pool test

*Apr 11 19:17:07.138: CRYPTO-SSL-AAA: user-vpn-group: Processing AV

*Apr 11 19:17:07.138: CRYPTO-SSL-AAA: Unsupported AV Pair

 

Any idea what AVPair to use for VRF?

 

Thanks,

Labels:
0 Helpful
1 Reply 1

Mohammed al Baqari
Level 11
Level 11

‎04-11-2019 07:15 PM

The recommended cisco-avpair is ip:vrf-id. IOS-XE will read it and act
accordingly
0 Helpful
Customers Also Viewed These Support Documents