Table of Contents
Advertisement
[DEFAULT@Router /config/]#radius
(00)challenge-noecho
(01)deadtime
......
Please Input the code of command to be excute(0-8): 1
(00)<0-1440>
Please Input the code of command to be excute(0-0): 0
Please input a digital number:Please input a string:60 (Input the time value of deadtime, here is only for example)
Will you excute it? (Y/N):y
6.2.3.2 Configure Router To Use Vendor-Specific RADIUS Attributes
The Internet Engineering Task Force (IETF) draft standard specifies a method for communicating
vendor-specific information between the network access server and the RADIUS server by using the
vendor-specific attribute (Attribute 26). Vendor-specific attributes (VSAs) allow vendors to support their
own extended attributes not suitable for general use. For more information about vendor-IDs and VSAs,
refer to RFC 2138, "Remote Authentication Dial-In User Service (RADIUS)." To configure the network
access server to recognize and use VSAs, use the following command in global configuration mode:
radius vsa send [authentication]
Example:
[DEFAULT@Router /config/]#radius
......
(07)vsa
(08)test
Please Input the code of command to be excute(0-8): 7
(00)send
Please Input the code of command to be excute(0-0): 0
(00)authentication
(01)<cr>
Please Input the code of command to be excute(0-1): 0
Will you excute it? (Y/N):y
8.2.3 Configure Radius Autentication
After you have identified the RADIUS server and defined the RADIUS authentication key, you need to
define method lists for RADIUS authentication. Because RADIUS authentication is facilitated through
AAA, you need to enter the aaa authentication command, specifying RADIUS as the authentication
method. For more information, refer to the "Configuring Authentication" chapter.
AAA authorization lets you set parameters that restrict a user's network access. Authorization using
RADIUS provides one method for remote access control, including one-time authorization or
authorization for each service, per-user account list and profile, user group support, and support of IP,
IPX, ARA, and Telnet. Because RADIUS authorization is facilitated through AAA, you need to issue the
aaa authorization command, specifying RADIUS as the authorization method. For more information,
refer to the "Configuring Authorization" chapter.
8.2.4 Configure Radius Accounting
The AAA accounting feature enables you to track the services users are accessing as well as the
amount of network resources they are consuming. Because RADIUS accounting is facilitated through
AAA, you need to issue aaa accounting command, specifying RADIUS as the accounting method. For
more information, refer to the "Configuring Accounting" chapter.
8.2.5 RADIUS Configuration Examples
Radius configuration examples in this section include the following:
Data echoing to screen is disabled during Access-Challenge
Time to stop using a server that doesn't respond
Time in minutes
Command
Send vendor-specific attributes in requests
Send in access requests
Model Name
Purpose
Enable the network access server to recognize and
use VSAs as defined by RADIUS IETF attribute 26.
Vendor specific attribute configuration
Radius test
- 351 -
Hide quick links:
Advertisement
Table of Contents
