Using Radius filter id attribute for VPN clients

Discussion in 'Cisco' started by Michael Flanigan, Jun 30, 2007.

  1. I have a 6509 MSFC with VPN service module handling VPN client access,
    authenticated by an RSA RADIUS server with tokens. I have tried to get the
    MSFC to recognize attribute 11, filter ID, but, although it is clearly
    there in the debug, the acl seems to have no effect. I have

    aaa authorization network groupauthor local
    specified for group shared-secret authentication. I also have

    aaa authorization network default group radrsa if-authenticated
    aaa authorization configuration default group radrsa

    for handling the filter attribute. I have tried with and without the 'if-
    authenticated'. I suspect from the debug that the local method specified
    for shared-secret handling is overriding the other specifications. Has
    anyone been able to use the aaa filter attribute with local shared secrets?
    Any other ideas as to the nature of the problem would be appreciated. I
    can supply debug and config as needed. Thanks
    Michael Flanigan, Jun 30, 2007
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.