RADIUS ACL attributes

  • 1
  • Question
  • Updated 6 months ago
  • Answered
Can`t find how to assign ACL with Access-Accept RADIUS response and what attributes to use.
Want to know how to assign ACL via sending id and via sending ACL rules in Access-Accept RADIUS response
Photo of Ruslan

Ruslan

  • 5 Posts
  • 0 Reply Likes

Posted 8 months ago

  • 1
Photo of Michael Brado

Michael Brado, Official Rep

  • 2874 Posts
  • 400 Reply Likes
I don't think ACL is a valid attribute-value pair for RADIUS with Ruckus dictionary file.
https://support.ruckuswireless.com/articles/000005220
Photo of Jeronimo

Jeronimo

  • 324 Posts
  • 37 Reply Likes
Try to apply a filter-id as Radius-attribute.

Or try to apply RBAC using Ruckus-User-Groups as Radius-arrtibute.

I do remeber a filter-id was working on ZD(10.0 above) and Ruckus-User-Groups is working on SZ100(3.5 above) and ZD.

Try those.
Photo of Ruslan

Ruslan

  • 5 Posts
  • 0 Reply Likes
Thanks! I see that via FILTER-ID I can deliver id, but I need also to deliver ACL rules.
Photo of Jeronimo

Jeronimo

  • 324 Posts
  • 37 Reply Likes
Yes. Ruckus don't have a attribute like cisco downloadable acl.

You have to use predefined acl or role.
(Edited)
Photo of Ruslan

Ruslan

  • 5 Posts
  • 0 Reply Likes
Photo of Ruslan

Ruslan

  • 5 Posts
  • 0 Reply Likes
But only this statement. No proofs..
Photo of Jeronimo

Jeronimo

  • 324 Posts
  • 37 Reply Likes
Do you want to apply that to any product? Wireless Product like SZ/ZD or Wired Product like ICX switch?
Photo of Ruslan

Ruslan

  • 5 Posts
  • 0 Reply Likes
Yes, I need a flexible solution
Photo of Jeronimo

Jeronimo

  • 324 Posts
  • 37 Reply Likes
I have tested this.

I did successful dynamic acl using icx and filter-id on freeradius.

In this URL, I shared configuration and result using excel sheet below.
https://drive.google.com/open?id=1AohCD86AygWw-re8bvTDOsO2663pvrGg

But I failed this using named acl.

It works good using only number acl on ver 0.8.0.70(exaclty SPR08070b).

Please someone confirm this point.

Good luck.
(Edited)