Configuring an ACL in a RADIUS server

The following information provides general guidelines for configuring a RADIUS server to specify RADIUS-assigned ACLs. It also provides an example configuration for a FreeRADIUS server application. To configure services on a specific RADIUS server application, see the documentation provided with that application.


This application requires a RADIUS server with an IPv4 address. Clients can be dual-stack, IPv4-only, or IPv6-only.

A RADIUS-assigned ACL configuration in a RADIUS server includes the following elements:
  • Nas-Filter-Rule attributes — standard and vendor-specific

  • An ACL configuration entered in the server, associated with specific user name/password or MAC address criteria, and composed of ACEs entered in the server

A RADIUS-assigned ACL includes:
  • One or more explicit permit and deny ACEs

  • An implicit "deny in ip from any to any" ACE, automatically applied after the last operator-created ACE
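
The effect of the implicit deny can be checked before an ACL is entered in the server. The following is an added example, not part of the original guide or of any vendor code: it evaluates destination flows against a list of ACEs followed by the implicit deny. The ACE grammar is a simplified subset modelled on "deny in ip from any to any", first-match ordering is an assumption, and the function names, sample ACL and addresses are constructed for illustration.

```python
import ipaddress
import re

# Assumed ACE form (simplified), modelled on "deny in ip from any to any":
#   <permit|deny> in <ip|tcp|udp> from any to <any|addr|addr/len> [port]
ACE_RE = re.compile(
    r"^(permit|deny) in (ip|tcp|udp) from any to (any|[0-9./]+)(?: (\d+))?$")
IMPLICIT_DENY = "deny in ip from any to any"


def parse_ace(text):
    """Split one ACE string into (action, protocol, dest network, port)."""
    m = ACE_RE.match(text.strip())
    if not m:
        raise ValueError(f"unsupported ACE: {text!r}")
    action, proto, dest, port = m.groups()
    if port and proto == "ip":
        raise ValueError(f"port not valid with protocol ip: {text!r}")
    net = None if dest == "any" else ipaddress.ip_network(dest, strict=False)
    return action, proto, net, int(port) if port else None


def evaluate(aces, proto, dst, dport=None):
    """Return (action, matching ACE) for one inbound flow; first match wins."""
    dst = ipaddress.ip_address(dst)
    # The implicit deny is appended after the last operator-created ACE.
    for text in list(aces) + [IMPLICIT_DENY]:
        action, a_proto, net, port = parse_ace(text)
        if a_proto != "ip" and a_proto != proto:
            continue
        if net is not None and dst not in net:
            continue
        if port is not None and port != dport:
            continue
        return action, text
    raise AssertionError("unreachable: the implicit deny matches every flow")


# Constructed sample ACL for one user (addresses are illustrative).
SAMPLE_ACL = [
    "permit in tcp from any to 10.10.10.0/24 80",
    "deny in ip from any to 10.10.10.0/24",
    "permit in udp from any to any 53",
]

if __name__ == "__main__":
    for flow in [("tcp", "10.10.10.5", 80), ("tcp", "10.10.10.5", 22),
                 ("udp", "192.0.2.53", 53), ("tcp", "192.0.2.10", 443)]:
        action, ace = evaluate(SAMPLE_ACL, *flow)
        print(f"{flow[0]} {flow[1]}:{flow[2]} -> {action} ({ace})")
```

Any flow reported against the implicit deny was not covered by an operator-created ACE, which is the usual cause of a client losing access it was expected to keep.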