01-17-2003 02:04 AM - edited 03-10-2019 07:06 AM
I have a basic AAA question...
Is it possible with RADIUS to restrict access to certain resources for specific users? In other words, how do I configure an access list on the RADIUS that can be applied to users dialling into the network?
Can these work with Dial-Up(AS5300 & c3600), VPN and WLAN?
Thanks for your help...
01-17-2003 08:08 AM
01-21-2003 09:09 AM
Thanks very much for your response...
I have tried to follow the doc through but it has been written for ACS 2.3 Unix, rather than Windows 3.1. However, I think the procedure is similar.
The [11] Filter-Id field allows for the input of an ACL number and the direction it works in.
Do you know if there is any more up-to-date documentation with a working example that shows where the ACL entries are written, e.g. permit 10.0.0.0?
Also, do you know if Shiva equipment is able to understand the filter-Id attribute?
Thanks for your help
01-21-2003 09:30 AM
Check out:
http://www.cisco.com/warp/public/480/radius_ACL1.html
This is a better example. Not sure about Shiva.
Thanks
02-06-2003 03:34 AM
I am still having problems with this...
The above link shows how you can enable authorisations by having an ACL defined in the NAS and the name referenced in ACS.
What I need to be able to do is restrict access for certain users to specific servers only, can this be done with all the configurations held on the ACS instead of the NAS?
Having an ACL on the NAS is unmanageable, as we have many NAS devices.
Any suggestions?
Thanks again for your help
02-06-2003 06:50 AM
You can use per-user virtual profiles and assign the ACLs to the user, such as:
RADIUS user profile: foo
Password = "bar"
User-Service-Type = Framed-User,
Framed-Protocol = PPP,
cisco-avpair = "ip:inacl#1=deny 10.10.10.10 0.0.0.0"
You assign the avpair under the custom attributes section. This works when virtual profiles are configured in the NAS. For an example how, search on the Cisco site for virtual profiles.
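An added example, not part of the replies in this thread and not Cisco's own code: a Python sketch that keeps the "which user may reach which servers" policy in one place, generates the numbered ip:inacl#N cisco-avpair values for each user's profile, and audits such values before they are entered on the AAA server. The policy dictionary, the function names and the extended-ACL rule form (permit ip any host ...) are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample policy (not from the thread): user -> servers they may reach.
POLICY = {"foo": ["10.10.20.5", "10.10.10.10", "10.10.10.10"]}

AVPAIR_RE = re.compile(r"^ip:inacl#(\d+)=(permit|deny)\s+(.+)$")

def build_inacl(servers):
    """Return numbered ip:inacl AV-pair values that permit only the listed hosts."""
    hosts = sorted({ipaddress.IPv4Address(s) for s in servers})  # validate, de-duplicate
    rules = [f"permit ip any host {h}" for h in hosts]
    rules.append("deny ip any any")  # explicit form of the ACL's implicit final deny
    return [f"ip:inacl#{n}={rule}" for n, rule in enumerate(rules, start=1)]

def render(avpairs):
    """Format values as cisco-avpair attribute lines, comma-separated as in the post."""
    return ",\n".join(f'cisco-avpair = "{v}"' for v in avpairs)

def audit(avpairs):
    """Return a list of problems found in a set of ip:inacl AV-pair values."""
    problems, seen, actions = [], set(), []
    for value in avpairs:
        m = AVPAIR_RE.match(value)
        if not m:
            problems.append(f"unparseable: {value}")
            continue
        seq, action = int(m.group(1)), m.group(2)
        if seq in seen:
            problems.append(f"duplicate sequence number {seq}")
        seen.add(seq)
        actions.append(action)
    if actions and "permit" not in actions:
        # IOS ACLs end in an implicit deny, so a deny-only list passes nothing.
        problems.append("no permit entry: implicit deny drops all traffic")
    return problems

if __name__ == "__main__":
    for user, servers in POLICY.items():
        pairs = build_inacl(servers)
        print(f"# {user}\n{render(pairs)}")
        print("audit:", audit(pairs) or "ok")
```

Because the entries are generated from one policy table, adding a NAS requires no ACL change on the device itself, only the virtual profile configuration the reply mentions.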
02-06-2003 01:48 PM
Here is the link which explains that in detail with different AAA server config.