Cisco ACS and FreeRadius

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Thu Feb 12 13:40:29 CET 2015


Hi,

> I currently run a Cisco ASA 5510 firewall.  Authentication take place via a Windows server with Cisco ACS software.  Once the authentication has taken place, the ACS downloads an Access Control List (ACL) to the firewall that then restricts that user access to a single IP Address or in some cases multiple IP addresses.  I only have about 20 users but this might grow to 50.  I also get a few basic reports of failed and successful logins and how long the user was attached to the network.
> 
> Is FreeRadius capable of doing this authentication and able to restrict access on the network and generate the basic reports?

yes.


easiest way to look at this is to do a packet capture of the RADIUS datagrams from the ACS to your ASA and
then you can ensure that your FreeRADIUS sends back same stuff.... you'll want to just read the ASA docs to see
what attributes are required and then check the FreeRADIUS dictionaries to ensure those attributes are present.

we use freeRADIUS to control Cisco ASA for various similar functions...though we now use them mainly for VPN
(migrated to a different firewall platform last year)

alan


More information about the Freeradius-Users mailing list