I have a 6509 MSFC with VPN service module handling VPN client access, authenticated by an RSA RADIUS server with tokens. I have tried to get the MSFC to recognize attribute 11, filter ID, but, although it is clearly there in the debug, the acl seems to have no effect. I have
aaa authorization network groupauthor local specified for group shared-secret authentication. I also have
aaa authorization network default group radrsa if-authenticated aaa authorization configuration default group radrsa
for handling the filter attribute. I have tried with and without the 'if- authenticated'. I suspect from the debug that the local method specified for shared-secret handling is overriding the other specifications. Has anyone been able to use the aaa filter attribute with local shared secrets? Any other ideas as to the nature of the problem would be appreciated. I can supply debug and config as needed. Thanks