Ciscoman's notes (Записки цыщика c дипломом)

I'm Cisco Champion Community member for 2017!

I'm Cisco Champion Community member for 2017!
"Cisco Champions are passionate about Cisco and happy to share our knowledge, experience, and feedback."

вторник, 22 декабря 2015 г.

Radius configuration trick to allow "CLID-like" filtering on ACS for l2tp/pptp

Here is "trcik" to allow l2tp/pptp client access filtering based on their IP-address for ACS 5.X
1) configure NAS with "vpdn aaa attribute nas-ip-address vpdn-tunnel-client"
This command will allow IOS to send client ip address in attribute 4 like this output from debug:
RADIUS:  NAS-IP-Address      [4]   6  1.2.3.4
2) Use "compound condition"  in ACS Access Policies - Authorization rules to match based on this attribute.
Tested on 15.1(4)M6 IOS for 7200 series router.


Комментариев нет:

Отправить комментарий

Постоянные читатели

Поиск по этому блогу