Hello,
is there a way to have multiple instances of user custom attributes and
insert those as multiple instances of the A/V Pair in the authorisation profile in ACS 5.2/5.3 ?
Background:
We have to migrate a ACS 4.2 to 5.3.
In ACS 4.2 our client used the multiline attribute
Number | Name | Description | Type of Value | Inbound/Outbound | Multiple |
---|
22 | Framed-Route | Routing information to configure for the user on this AAA client. The RADIUS RFC (Request for Comments) format (net/bits [router [metric]]) and the old style dotted mask (net mask [router [metric]]) are supported. If the router field is omitted or zero (0), the peer IP address is used. Metrics are ignored. | String | Outbound | Yes |
to specify multiple routes to various networks in the RADIUS reply spcific for every single PPP username of routers dialing in.
Using the internal user database, extended by a string attribute and using that attribute as source of a dynamic value
in the access-policy works basically.
But as I have only ONE single line instance of the attribute for every user, I can only return ONE framed-route.
We have lots of cases where multiple routes have to be assigned to one router.
I 'd like to avoid defining a seperate access profile for every remote RAS router for external PPP Dial-In...
I Think Jack here https://supportforums.cisco.com/thread/2032506 has a simmilar issue...
Any idea?
Thanks, Frank