From: Vivek Santuka (vivsan@gmail.com)
Date: Thu Jun 07 2007 - 18:27:43 ART
Hi Peter,
With RADIUS, authorization happens with authentication. PIX will not allow
authorization with RADIUS to be defined separately.
For DACLs with cut-through authentication, try using cisco-av-pair or Shared
Profile Components - DACLs.
Regards,
Vivek Santuka
CCIE #17621 (Security)
On 6/7/07, Peter Svidler <doubleccie@yahoo.com> wrote:
>
> Folks;
> I am trying the downloadable ACL using RADIUS for traffic passing
> through a PIX.
>
> As I understand this, there are 3 ways to achieve this. The first one
> (which I'm trying here) is to create the ACL on the PIX and retrieve the name
> of the ACL via RADIUS IETF field-ID 11, as explained in the documentation.
>
> Now, before I put anything in that field, everything works fine; the
> traffic gets authenticated and passes through the PIX.
>
> Once I put this option (acl=eng), where eng is the name of the ACL
> created on the PIX, I get an authorization error when I try to authenticate
> (sounds logical and fair).
>
> But when I try to allow authorization via RADIUS using the command
>
> aaa authorization match ACL1 inside RAD
>
> Authorization is not supported in RADIUS
>
> What am I missing here? Do I need RADIUS authorization to allow the
> downloadable ACL? But RADIUS authorization is not supported.
>
> Any help is appreciated.
This archive was generated by hypermail 2.1.4 : Sun Jul 01 2007 - 17:24:47 ART