Hello Carlos,
the correct syntax is this one:
answer1 = Cisco-AVPair => ip:inacl#190=deny ip any 153.144.129.128 0.0.0.127;ip:inacl#200=deny ip any 153.144.27.0 0.0.0.255;ip:inacl#210=permit ip any any;
Regards
Fabrice
On 19-03-06 at 11:12, Carlos Wetli via PacketFence-users wrote:
Hello,
I am trying to send back an ACL from PacketFence to the switch after
authentication.
My ACL in the radius-filter has multiple lines, like:
answer19 = cisco-avpair => ip:inacl#190=deny ip any 153.144.129.128 0.0.0.127
answer20 = cisco-avpair => ip:inacl#200=deny ip any 153.144.27.0 0.0.0.255
answer21 = cisco-avpair => ip:inacl#210=permit ip any any
I also tried like:
answer19 = cisco-avpair => ip:inacl#101=deny ip any 153.144.129.128 0.0.0.127
answer20 = cisco-avpair => ip:inacl#101=deny ip any 153.144.27.0 0.0.0.255
answer21 = cisco-avpair => ip:inacl#101=permit ip any any
as I was not sure whether the number after the dash is the ACL number or
the line number within the ACL.
But the switch is only receiving the last entry (seen in tcpdump and
on the switch):
Tunnel-Private-Group-ID Attribute (81), length: 6, Value: 3050
0x0000: 3330 3530
Tunnel-Medium-Type Attribute (65), length: 6, Value: Tag[Unused] 802
0x0000: 0000 0006
Vendor-Specific Attribute (26), length: 38, Value: Vendor: Cisco (9)
Vendor Attribute: 1, Length: 30, Value: ip:inacl#210=permit ip any any
0x0000: 0000 0009 0120 6970 3a69 6e61 636c 2332
0x0010: 3130 3d70 6572 6d69 7420 6970 2061 6e79
0x0020: 2061 6e79
Is there anything wrong on my ACL?
Thanks in advance,
Regards,
Carlos
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users