scorpa_121336
Jun 19, 2013

F5 APM + cisco ACS per user acl

Hello.

I have the latest version of BIG-IP APM and Cisco ACS 5.2. I need to implement a scheme where a user, after a successful login through RADIUS, gets a dynamic ACL from ACS (downloadable ACL). How do I do it? For example, if I push any downloadable ACL from ACS, I get this error in the report:

session.radius.last.attr.vendor-specific.1.9.1 is ACS:CiscoSecure-Defined-ACL=ACSACL-IP-IP_block-51c18efe

Common/VPN_ACL: rule1: ACS:CiscoSecure-Defined-ACL=ACSACL-IP-IP_block-51c18efe
2013-06-19 15:31:07 /Common/VPN_ACL: rule1: ^
2013-06-19 15:31:07 /Common/VPN_ACL: rule1: ERR_PARSER_UNSUPPORTED_TOKEN
2013-06-19 15:31:07 Dynamic ACL: parsing errors on '/Common/VPN_ACL' and assigned with discard all entry

How to fix it?

3 Replies

  • If anyone will ever be doing this - the problem is with the second Access-Request. When BIG-IP sends an Access-Request to ACS, it returns an Access-Accept and the name of the downloadable ACL, so after that F5 should send another Access-Request with the name of this ACL and a command to download it, but this behavior is not implemented.
  • Hi,

    I want to implement per-user ACL using ACS 5.5 and BIG-IP APM.

    Were you able to do this? Or is ACL download still not implemented in BIG-IP?

  • I have the same problem, has anyone been able to implement this successfully?
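
The two-step exchange described in the first reply, as an added example that is not part of the original thread and not F5 or Cisco code: it tells a downloadable-ACL reference apart from a real ACL entry (the distinction the APM parser trips on), builds the attributes of the follow-up Access-Request, and orders the entries returned. The `aaa:service=ip_admission` and `aaa:event=acl-download` pairs and the `ip:inacl#N=` reply format are assumptions taken from Cisco's general downloadable-ACL behaviour, the second reply is constructed sample data, and the packet header and authenticators are left out.

```python
import re
import struct

CISCO_VENDOR_ID = 9   # Cisco's enterprise number
CISCO_AVPAIR = 1      # vendor type 1: the ".9.1" in the session variable name

DACL_REF = re.compile(r"^ACS:CiscoSecure-Defined-ACL=(\S+)$")
INLINE_ACE = re.compile(r"^ip:inacl#(\d+)=(.+)$")   # assumed reply format

def classify(avpair):
    """Tell a downloadable-ACL *reference* apart from an actual ACL entry."""
    m = DACL_REF.match(avpair)
    if m:
        return ("dacl_ref", m.group(1))
    m = INLINE_ACE.match(avpair)
    if m:
        return ("ace", (int(m.group(1)), m.group(2)))
    return ("other", avpair)

def attr(attr_type, value):
    """RADIUS attribute: type, length (including the 2-byte header), value."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def cisco_avpair(text):
    """Vendor-Specific (26) wrapping vendor 9, vendor type 1."""
    data = text.encode()
    vsa = struct.pack("!IBB", CISCO_VENDOR_ID, CISCO_AVPAIR, len(data) + 2) + data
    return attr(26, vsa)

def followup_attributes(dacl_name):
    """Attributes of the second Access-Request: User-Name is the ACL name."""
    return (attr(1, dacl_name.encode())
            + cisco_avpair("aaa:service=ip_admission")   # assumption, see lead-in
            + cisco_avpair("aaa:event=acl-download"))    # assumption, see lead-in

def collect_aces(avpairs):
    """Order the ACL entries returned in the second Access-Accept."""
    aces = [c[1] for c in map(classify, avpairs) if c[0] == "ace"]
    return [text for _, text in sorted(aces)]

# Value taken from the session variable in the original post.
FIRST_ACCEPT = "ACS:CiscoSecure-Defined-ACL=ACSACL-IP-IP_block-51c18efe"
# Constructed reply to the follow-up request (sample entries, not from the post).
SECOND_ACCEPT = ["ip:inacl#2=permit ip any any",
                 "ip:inacl#1=deny ip any 192.0.2.0 0.0.0.255"]

if __name__ == "__main__":
    kind, name = classify(FIRST_ACCEPT)
    print(kind, name, followup_attributes(name).hex())
    print(collect_aces(SECOND_ACCEPT))
```

Feeding the reference string straight into an ACL parser, as in the log above, fails closed with a discard-all entry; only the entries from the second reply are ACL lines.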