[cisco-bba] LNS: per user ACL with AAA

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Mon Dec 27 07:23:27 EST 2004


> I'll play around with certain RADIUS based user restrictions and
> wonder why some Cisco-AVPair's (like "lcp:interface-config=xxx")
> works but others don't. Especially the ACL-Attr "ip:inacl=xxx" seems
> not to be recognized from our LNS.
> 
> At the moment I'am not sure if this is a LNS (12.3(2)T7) or a RADIUS
> (freeRADIUS) problem. Someone out there who get "ip:[in/out]acl"
> working or who have some hints?

Can you post your AAA profile and/or "debug aaa radius authen" & "debug
aaa per-user"? I didn't try with 12.3(2)T7, but 12.3M happily accepts
and applies per-user ACLs constructed via "ip:inacl" on an LNS.

	oli



More information about the cisco-bba mailing list