Hello Fabrice, I apologize for not having be able to answer before.. many thanks for your replay in that matter. I could resolve it over the GUI, which is working perfectly.
Thank you, Carlos Am Mi., 20. März 2019 um 01:39 Uhr schrieb Durand fabrice via PacketFence-users <[email protected]>: > Hello Carlos, > > the correct syntax is this one: > > answer1 = Cisco-AVPair => ip:inacl#190=deny ip any 153.144.129.128 > 0.0.0.127;ip:inacl#200=deny ip any 153.144.27.0 > 0.0.0.255;ip:inacl#210=permit ip any any; > > > Regards > > Fabrice > > > Le 19-03-06 à 11 h 12, Carlos Wetli via PacketFence-users a écrit : > > Hello, > > I am trying to send back an ACL from Packetfence to the switch after > authentication: > > my acl in the radius-filter has multiple line like: > > answer19 = cisco-avpair => ip:inacl#190=deny ip any 153.144.129.128 > 0.0.0.127 > answer20 = cisco-avpair => ip:inacl#200=deny ip any 153.144.27.0 0.0.0.255 > answer21 = cisco-avpair => ip:inacl#210=permit ip any any > > I also tried like: > answer19 = cisco-avpair => ip:inacl#101=deny ip any 153.144.129.128 > 0.0.0.127 > answer20 = cisco-avpair => ip:inacl#101=deny ip any 153.144.27.0 0.0.0.255 > answer21 = cisco-avpair => ip:inacl#101=permit ip any any > > as I was not sure if the number after the dash is for ACL number or for > line number within ACL. > > but the switch is only receiving the last entry (seen on tcpdump and on > the switch) : > Tunnel-Private-Group-ID Attribute (81), length: 6, Value: 3050 > 0x0000: 3330 3530 > Tunnel-Medium-Type Attribute (65), length: 6, Value: Tag[Unused] > 802 > 0x0000: 0000 0006 > Vendor-Specific Attribute (26), length: 38, Value: Vendor: Cisco > (9) > Vendor Attribute: 1, Length: 30, Value: ip:inacl#210=permit ip > any any > 0x0000: 0000 0009 0120 6970 3a69 6e61 636c 2332 > 0x0010: 3130 3d70 6572 6d69 7420 6970 2061 6e79 > 0x0020: 2061 6e79 > > Is there anything wrong on my ACL? > > Thanks in advance, > Regards, > Carlos > > > > _______________________________________________ > PacketFence-users mailing > [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users > > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users >
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
