VPN users that are using FreeRadius have access to all VLANs. VPN users using local authentication have local ACLs applied to their access.
I need to know what configuration change I need to make (on ASA or FreeRadius) to have the same ACLs (locally configured on the ASA) applied to the FreeRadius authenticated VPN users.
FreeRadius users file configuration:
cisco   Auth-Type := System
        Service-Type = NAS-Prompt-User,
        cisco-avpair = "shell:priv-lvl=15"
Please provide me with steps and configuration examples to specify which VLAN FREERADIUS VPN users can have access to.
What lines could I add to the users file to accomplish this? Do I need to specify a different service-type or auth-type? Are there any settings on the ASA to enable to enforce local ACLs for FreeRadius authenticated users?
Thanks in advance for all suggestions.