Thanks Tyson/Mohammed Gazzaz. With radius, authorization method list need not be configured.
With regards Kings On Thu, Oct 8, 2009 at 7:44 PM, Tyson Scott <[email protected]> wrote: > Maybe it is because of you naming your ACL and aaa-server group the same > name. I definitely didn’t have this problem when I did Lab 13 task 6.2, > which is downloadable ACL’s using radius with Cut Thru Proxy. > > > > Regards, > > > > Tyson Scott - CCIE #13513 R&S, Security, and SP > > Technical Instructor - IPexpert, Inc. > > > Telephone: +1.810.326.1444 > Cell: +1.248.504.7309 > Fax: +1.810.454.0130 > Mailto: [email protected] > > > > Join our free online support and peer group communities: > http://www.IPexpert.com/communities <http://www.ipexpert.com/communities> > > > > IPexpert - The Global Leader in Self-Study, Classroom-Based, Video On > Demand and Audio Certification Training Tools for the Cisco CCIE R&S Lab, > CCIE Security Lab, CCIE Service Provider Lab , CCIE Voice Lab and CCIE > Storage Lab Certifications. > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Kingsley Charles > *Sent:* Thursday, October 08, 2009 9:28 AM > *To:* [email protected] > *Subject:* [OSL | CCIE_Security] Cut-through proxy doesn't support radius > authorization for downloadable ACLs > > > > Hi all > > > > I am trying to configure Radius downloadable ACLs with cut-through proxy. > The ASA is not allowing me to associate the Radius AAA group to the > authorization method list. > > > > primary(config)# aaa authorization match mine inside mine > Authorization is not supported in RADIUS > > > > primary(config)# aaa authorization include any inside 0 0 0 0 mine > Warning: The keyword 'any' will be converted to 'tcp/0' in config. > Authorization is not supported in RADIUS > > > > > > But, I tried a workaround where first I configured the AAA group with > TACACS and then associated the group to the method list. After that I > converted the TACACS group to radius and then I was able to > > download the ACLs from ACS? > > > > > > > > > > With regards > > Kings >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
