12-25
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
OL-6392-01
Chapter 12 Configuring AAA
Configuring Authorization for Network Access
Configuring RADIUS Authorization
You can configure a RADIUS server to download either an ACL or an ACL name to the FWSM at the time of
authentication. See the “Configuring Authentication for Network Access” section on page 12-20 for
more information about configuring authentication. The user is then authorized to do only what the
user’s ACL permits. This section includes the following topics:
• Configuring the RADIUS Server to Download Per-User Access Control Lists, page 12-25
• Configuring the RADIUS Server to Download Per-User Access Control List Names, page 12-27
Configuring the RADIUS Server to Download Per-User Access Control Lists
This section describes how to configure a CiscoSecure ACS RADIUS server or a third-party RADIUS
server, and includes the following topics:
• Configuring a CiscoSecure ACS RADIUS Server for Downloadable ACLs, page 12-25
• Configuring a Third-Party RADIUS Server for Downloadable ACLs, page 12-26
Configuring a CiscoSecure ACS RADIUS Server for Downloadable ACLs
You can configure ACLs on the CiscoSecure ACS RADIUS server as a shared profile component and
then assign the ACL to a group or to an individual user.
The ACL definition consists of one or more FWSM commands that are similar to the extended
access-list command (see the “Adding an Extended Access Control List” section on page 10-13), except
without the following prefix:
access-list acl_name extended
The following example is an ACL definition before it is downloaded to the FWSM:
+--------------------------------------------+
| Shared profile Components |
| |
| Downloadable PIX ACLs |
| |
| Name: acs_ten_acl |
| Description: 10 access-list commands |
| |
| |
| ACL Definitions |
| |
| permit tcp any host 10.0.0.254 |
| permit udp any host 10.0.0.254 |
| permit icmp any host 10.0.0.254 |
| permit tcp any host 10.0.0.253 |
| permit udp any host 10.0.0.253 |
| permit icmp any host 10.0.0.253 |
| permit tcp any host 10.0.0.252 |
| permit udp any host 10.0.0.252 |
| permit icmp any host 10.0.0.252 |
| permit ip any any |
+--------------------------------------------+
The downloaded ACL on the FWSM has the following name:
#ACSACL#-ip-acl_name-number
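The following added example (it is not part of the Cisco guide and is not ACS or FWSM code) models the two points made above: an ACS downloadable ACL definition is a list of extended ACEs with the access-list acl_name extended prefix stripped, and the FWSM names the downloaded ACL #ACSACL#-ip-acl_name-number. The parser handles only the address forms shown in the guide (any, host A.B.C.D, A.B.C.D MASK) and the four protocols that appear in the example; the name suffix passed to it is a constructed value, since the guide only says it is a number. A small audit helper is also included, because the sample definition ends with permit ip any any, which permits all IP traffic and makes every preceding permit entry redundant.

```python
"""Model an ACS downloadable ACL definition and its expansion on the FWSM.

Added example, not code from the Cisco guide. Assumptions: the ACE grammar is
the subset shown in the guide (permit|deny proto src dst, with src/dst given as
'any', 'host A.B.C.D' or 'A.B.C.D MASK'); the downloaded name follows the
guide's '#ACSACL#-ip-acl_name-number' pattern, where 'number' is a suffix the
RADIUS server supplies (the value used in the usage line below is constructed).
"""
import ipaddress
import re
from dataclasses import dataclass

PROTOCOLS = {"ip", "tcp", "udp", "icmp"}

# Constructed sample: the acs_ten_acl definition shown in the guide.
ACS_TEN_ACL = """
permit tcp any host 10.0.0.254
permit udp any host 10.0.0.254
permit icmp any host 10.0.0.254
permit tcp any host 10.0.0.253
permit udp any host 10.0.0.253
permit icmp any host 10.0.0.253
permit tcp any host 10.0.0.252
permit udp any host 10.0.0.252
permit icmp any host 10.0.0.252
permit ip any any
"""


@dataclass(frozen=True)
class Ace:
    action: str   # "permit" or "deny"
    proto: str    # ip, tcp, udp or icmp
    src: str      # normalised address spec, e.g. "any" or "host 10.0.0.254"
    dst: str


def _take_addr(tokens, i):
    """Consume one address spec at tokens[i]; return (spec, index after it)."""
    try:
        if tokens[i] == "any":
            return "any", i + 1
        if tokens[i] == "host":
            ipaddress.IPv4Address(tokens[i + 1])          # raises on a bad address
            return f"host {tokens[i + 1]}", i + 2
        # network + mask form; strict=False tolerates host bits set in the address
        ipaddress.IPv4Network(f"{tokens[i]}/{tokens[i + 1]}", strict=False)
        return f"{tokens[i]} {tokens[i + 1]}", i + 2
    except (IndexError, ValueError) as exc:
        raise ValueError(f"bad address spec at token {i}: {tokens}") from exc


def parse_ace(line):
    """Parse one prefix-less ACE line as it appears in the ACS definition."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] not in ("permit", "deny"):
        raise ValueError(f"bad ACE: {line!r}")
    if tokens[1] not in PROTOCOLS:
        raise ValueError(f"unsupported protocol in ACE: {line!r}")
    src, i = _take_addr(tokens, 2)
    dst, i = _take_addr(tokens, i)
    if i != len(tokens):
        raise ValueError(f"trailing tokens in ACE: {line!r}")
    return Ace(tokens[0], tokens[1], src, dst)


def downloaded_acl_name(acl_name, number):
    """Build the name the FWSM gives the downloaded ACL."""
    if not re.fullmatch(r"[A-Za-z0-9_]+", acl_name):
        raise ValueError(f"unexpected characters in ACL name: {acl_name!r}")
    return f"#ACSACL#-ip-{acl_name}-{number}"


def render_fwsm_acl(acl_name, number, definition):
    """Re-attach the 'access-list <name> extended' prefix to every ACE."""
    name = downloaded_acl_name(acl_name, number)
    commands = []
    for raw in definition.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        ace = parse_ace(raw)
        commands.append(
            f"access-list {name} extended {ace.action} {ace.proto} {ace.src} {ace.dst}"
        )
    return commands


def wide_open_entries(definition):
    """Return 1-based positions of 'permit ip any any' entries, which allow all IP traffic."""
    aces = [parse_ace(l) for l in definition.splitlines() if l.strip()]
    return [n for n, a in enumerate(aces, 1)
            if a == Ace("permit", "ip", "any", "any")]


if __name__ == "__main__":
    for cmd in render_fwsm_acl("acs_ten_acl", 1, ACS_TEN_ACL):   # suffix 1 is constructed
        print(cmd)
    print("wide-open entries:", wide_open_entries(ACS_TEN_ACL))
```

Running the module prints the ten access-list commands the FWSM would hold under the name #ACSACL#-ip-acs_ten_acl-1 and reports that entry 10 is a permit ip any any, which is worth flagging in any per-user ACL review since it grants the user full IP access regardless of the more specific entries above it.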