Maybe it is because of you naming your ACL and aaa-server group the same name. I definitely didn't have this problem when I did Lab 13 task 6.2, which is downloadable ACL's using radius with Cut Thru Proxy.
Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Technical Instructor - IPexpert, Inc. Telephone: +1.810.326.1444 Cell: +1.248.504.7309 Fax: +1.810.454.0130 Mailto: <mailto:[email protected]> [email protected] Join our free online support and peer group communities: <http://www.ipexpert.com/communities> http://www.IPexpert.com/communities IPexpert - The Global Leader in Self-Study, Classroom-Based, Video On Demand and Audio Certification Training Tools for the Cisco CCIE R&S Lab, CCIE Security Lab, CCIE Service Provider Lab , CCIE Voice Lab and CCIE Storage Lab Certifications. From: [email protected] [mailto:[email protected]] On Behalf Of Kingsley Charles Sent: Thursday, October 08, 2009 9:28 AM To: [email protected] Subject: [OSL | CCIE_Security] Cut-through proxy doesn't support radius authorization for downloadable ACLs Hi all I am trying to configure Radius downloadable ACLs with cut-through proxy. The ASA is not allowing me to associate the Radius AAA group to the authorization method list. primary(config)# aaa authorization match mine inside mine Authorization is not supported in RADIUS primary(config)# aaa authorization include any inside 0 0 0 0 mine Warning: The keyword 'any' will be converted to 'tcp/0' in config. Authorization is not supported in RADIUS But, I tried a workaround where first I configured the AAA group with TACACS and then associated the group to the method list. After that I converted the TACACS group to radius and then I was able to download the ACLs from ACS? With regards Kings
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
