Hi, all! Is it possible to make downloadable ACL works with Cisco IOS L2TP/PPTP server and Cisco Secure ACS 5.6? I'm getting attribute according to ppp negotiation, but nothing happens:
000563: *Feb 9 13:50:34.676 MSK: ALLOC-FREE: AAA/ATTR(0000000F): del attr: sublist(0x87CB9690) index(1): 87CB96CC 0 00000081 CiscoSecure-Defined-ACL(826) 31 #ACSACL#-IP-RESTRICTED-56d0d142
#debug aaa authorization
AAA Authorization debugging is on
003042: *Feb 9 14:35:40.378 MSK: AAA/BIND(00000016): Bind i/f
003043: *Feb 9 14:35:40.382 MSK: AAA/BIND(00000016): Bind i/f Virtual-Template2
003044: *Feb 9 14:35:40.594 MSK: ERROR: AAA/ATTR: invalid attribute prefix: "ACS"
003045: *Feb 9 14:35:40.606 MSK: AAA/BIND(00000016): Bind i/f Virtual-Access2.1
I know about CSCsz52486 but I'm using C880 Software (C880DATA-UNIVERSALK9-M), Version 15.3(3)M5. Is it affected?
I can't use cisco-avpair="ip:inacl#" since my ACL more than 4096 bytes (max per RFC 2865 for radius attributes) in summary and I can't apply it correctly with this attribute #11.
Maybe Cisco will implement https://tools.ietf.org/html/draft-perez-radext-radius-fragmentation-01 in the future?
Thank you in advance.