Configuring Radius Authorization; Configuring The Radius Server To Download Per-User Access Control Lists - Cisco Catalyst 6500 Series Configuration Manual

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services

Chapter 12
Configuring AAA
Configuring Authorization for Network Access
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide, OL-6392-01

Configuring RADIUS Authorization

You can configure a RADIUS server to download an ACL to the FWSM or an ACL name at the time of authentication. See the "Configuring Authentication for Network Access" section on page 12-20 for more information about configuring authentication. The user is authorized to do only what is permitted in the user's ACL. This section includes the following topics:

- Configuring the RADIUS Server to Download Per-User Access Control Lists, page 12-25
- Configuring the RADIUS Server to Download Per-User Access Control List Names, page 12-27

Configuring the RADIUS Server to Download Per-User Access Control Lists

This section describes how to configure a CiscoSecure ACS RADIUS server or a third-party RADIUS server, and includes the following topics:

- Configuring a CiscoSecure ACS RADIUS Server for Downloadable ACLs, page 12-25
- Configuring a Third-Party RADIUS Server for Downloadable ACLs, page 12-26

Configuring a CiscoSecure ACS RADIUS Server for Downloadable ACLs

You can configure ACLs on the CiscoSecure ACS RADIUS server as a shared profile component and then assign the ACL to a group or to an individual user.

The ACL definition consists of one or more FWSM commands that are similar to the extended access-list command (see the "Adding an Extended Access Control List" section on page 10-13), except without the following prefix:

access-list acl_name extended

The following example is an ACL definition before it is downloaded to the FWSM:

+--------------------------------------------+
| Shared profile Components                  |
|                                            |
|      Downloadable PIX ACLs                 |
|                                            |
| Name:        acs_ten_acl                   |
| Description: 10 access-list commands       |
|                                            |
|                                            |
| ACL Definitions                            |
|                                            |
| permit tcp any host 10.0.0.254             |
| permit udp any host 10.0.0.254             |
| permit icmp any host 10.0.0.254            |
| permit tcp any host 10.0.0.253             |
| permit udp any host 10.0.0.253             |
| permit icmp any host 10.0.0.253            |
| permit tcp any host 10.0.0.252             |
| permit udp any host 10.0.0.252             |
| permit icmp any host 10.0.0.252            |
| permit ip any any                          |
+--------------------------------------------+

The downloaded ACL on the FWSM has the following name:

#ACSACL#-ip-acl_name-number
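
The following Python sketch is an added example, not code from the Cisco guide. It checks an ACS ACL definition before it is assigned to a user or group: it rejects entries that still carry the access-list prefix, shows each entry with the prefix restored under the downloaded name, and flags any entry that permits all IP traffic. The function names, the NUMBER placeholder, and the use of the downloaded name in place of acl_name in the restored prefix are assumptions made for illustration.

```python
import re

# Constructed sample: the entries from the example box above, as typed into ACS
# (no "access-list acl_name extended" prefix).
ACS_DEFINITION = """\
permit tcp any host 10.0.0.254
permit udp any host 10.0.0.254
permit icmp any host 10.0.0.254
permit tcp any host 10.0.0.253
permit udp any host 10.0.0.253
permit icmp any host 10.0.0.253
permit tcp any host 10.0.0.252
permit udp any host 10.0.0.252
permit icmp any host 10.0.0.252
permit ip any any
"""

ENTRY = re.compile(r"^(permit|deny)\s+\S+\s+\S.*$")


def downloaded_name(acl_name, number):
    """Build the name in the format the page gives: #ACSACL#-ip-acl_name-number."""
    return f"#ACSACL#-ip-{acl_name}-{number}"


def entries(definition):
    """Yield (line number, entry), rejecting lines that are not bare ACL entries."""
    for lineno, raw in enumerate(definition.splitlines(), 1):
        line = " ".join(raw.split())
        if not line:
            continue
        if line.lower().startswith("access-list"):
            raise ValueError(f"line {lineno}: omit the access-list prefix")
        if not ENTRY.match(line):
            raise ValueError(f"line {lineno}: not a permit/deny entry: {line!r}")
        yield lineno, line


def expand(definition, acl_name, number):
    """Restore the omitted prefix, using the downloaded name in place of acl_name."""
    name = downloaded_name(acl_name, number)
    return [f"access-list {name} extended {e}" for _, e in entries(definition)]


def audit(definition):
    """Return entries that permit all IP traffic, which leaves the user unrestricted."""
    return [(n, e) for n, e in entries(definition) if e == "permit ip any any"]
```

Run against the sample definition, the audit reports the final entry: because the user is authorized to do whatever the ACL permits, that one line authorizes all IP traffic regardless of the nine host-specific entries before it.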
