"Sallee, Stephen (Jake)" <[email protected]> writes:
> So! I am trying to replicate the Downloadable IP ACL function that we
> love so much in ACS, into Free RADIUS. It seems that this is done
> through the Cisco AV Pair radius attribute. If anyone has experience
> in this please drop me a line using my included contact info, if we
> move into production with it I will post back to the list for
> posterity what we did to get it to work.

I have absolutely no idea what Cisco ACS is doing, but this is how you
normally send an IP ACL from FreeRADIUS to an IOS device:

    Cisco-AVPair += "ip:inacl#1=permit tcp any any eq 80",
    Cisco-AVPair += "ip:inacl#2=deny ip any any"

It's a bit strange since they wrap tacacs+ attributes inside one RADIUS
VSA (Cisco-AVPair), but once you get that then it makes sort of sense..

Bjørn
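
Added example, not part of the original message or of FreeRADIUS: a small Python helper that renders a list of ACL entries into the numbered Cisco-AVPair reply items shown above and rebuilds the ordered ACL from a set of AV-pair values, for checking what a reply would install. The function names, the character whitelist and the assumption that the #n suffix gives the entry order are this example's own.

```python
import re

# Assumed whitelist for one ACL entry: permit/deny plus plain IOS tokens.
# Quotes, commas and control characters are refused so an entry cannot
# break out of the quoted attribute value.
ACE_RE = re.compile(r"(permit|deny)( [A-Za-z0-9./:-]+)+")
PAIR_RE = re.compile(r"ip:inacl#(\d+)=(.+)")


def render_inacl(aces):
    """Render ACL entries as numbered Cisco-AVPair reply items, in order."""
    if not aces:
        raise ValueError("empty ACL")
    items = []
    for seq, ace in enumerate(aces, start=1):
        if not ACE_RE.fullmatch(ace):
            raise ValueError(f"rejected ACL entry #{seq}: {ace!r}")
        items.append(f'Cisco-AVPair += "ip:inacl#{seq}={ace}"')
    # Reply items are comma-separated; the last one has no trailing comma.
    return ",\n".join(items)


def parse_inacl(values):
    """Rebuild the ordered ACL from Cisco-AVPair values; reject duplicates."""
    by_seq = {}
    for value in values:
        m = PAIR_RE.fullmatch(value)
        if not m:
            continue  # some other AV pair, not part of the inbound ACL
        seq = int(m.group(1))
        if seq in by_seq:
            raise ValueError(f"duplicate sequence number {seq}")
        by_seq[seq] = m.group(2)
    return [by_seq[s] for s in sorted(by_seq)]


# Constructed sample: the two entries from the message above.
SAMPLE = ["permit tcp any any eq 80", "deny ip any any"]

if __name__ == "__main__":
    print(render_inacl(SAMPLE))
```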