Vendor-Specific Attributes - Cisco Nexus 9000 Series Configuration Manual

NX-OS Security Configuration Guide, Release 9.x

Configuring RADIUS
Figure 2: RADIUS Server States
This figure shows the states for RADIUS server monitoring.
Note
The monitoring intervals for alive servers and dead servers are different and can be configured by the user.
The RADIUS server monitoring is performed by sending a test authentication request to the RADIUS server.

Vendor-Specific Attributes

The Internet Engineering Task Force (IETF) draft standard specifies a method for communicating VSAs
between the network access server and the RADIUS server. The IETF uses attribute 26. VSAs allow vendors
to support their own extended attributes that are not suitable for general use. The Cisco RADIUS implementation
supports one vendor-specific option using the format recommended in the specification. The Cisco vendor
ID is 9, and the supported option is vendor type 1, which is named cisco-av-pair. The value is a string with
the following format:
protocol : attribute separator value *
The protocol is a Cisco attribute for a particular type of authorization, the separator is = (equal sign) for
mandatory attributes, and * (asterisk) indicates optional attributes.
When you use RADIUS servers for authentication on a Cisco NX-OS device, the RADIUS protocol directs
the RADIUS server to return user attributes, such as authorization information, with authentication results.
This authorization information is specified through VSAs.
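The following is an added example, not code from the Cisco guide: it decodes one attribute-26 VSA (vendor ID 9, vendor type 1) and splits the cisco-av-pair string into protocol, attribute, separator and value, which is useful when auditing which roles a RADIUS server actually returns. The function names, the sample attribute and the stripping of surrounding double quotation marks are assumptions made for the illustration.

```python
import struct

VSA_TYPE = 26         # RADIUS Vendor-Specific attribute
CISCO_VENDOR_ID = 9   # Cisco vendor ID
CISCO_AV_PAIR = 1     # vendor type 1 = cisco-av-pair

def build_vsa(av_pair: str) -> bytes:
    """Encode a cisco-av-pair string as attribute 26 (used for the sample input)."""
    data = av_pair.encode("ascii")
    sub = bytes([CISCO_AV_PAIR, len(data) + 2]) + data
    return bytes([VSA_TYPE, len(sub) + 6]) + struct.pack("!I", CISCO_VENDOR_ID) + sub

def parse_cisco_av_pair(attr: bytes) -> dict:
    """Decode one attribute-26 TLV and split its cisco-av-pair string."""
    if len(attr) < 8 or attr[0] != VSA_TYPE or attr[1] != len(attr):
        raise ValueError("not a well-formed Vendor-Specific attribute")
    (vendor_id,) = struct.unpack("!I", attr[2:6])
    vtype, vlen = attr[6], attr[7]
    if vendor_id != CISCO_VENDOR_ID or vtype != CISCO_AV_PAIR:
        raise ValueError("not a cisco-av-pair")
    if vlen != len(attr) - 6:
        raise ValueError("vendor length does not match attribute length")
    text = attr[8:].decode("ascii")
    protocol, colon, rest = text.partition(":")
    if not colon or not protocol:
        raise ValueError("missing protocol prefix")
    # The first '=' (mandatory) or '*' (optional) after the colon is the separator.
    idx = next((i for i, c in enumerate(rest) if c in "=*"), -1)
    if idx <= 0:
        raise ValueError("missing attribute name or separator")
    value = rest[idx + 1:].strip()
    # Assumption: a value containing white space arrives wrapped in double quotes.
    if len(value) >= 2 and value[0] == value[-1] == '"':
        value = value[1:-1]
    return {"protocol": protocol.strip(), "attribute": rest[:idx].strip(),
            "mandatory": rest[idx] == "=", "value": value}

def roles_from(attr: bytes) -> list:
    """Return the role names carried by a shell:roles pair, else an empty list."""
    pair = parse_cisco_av_pair(attr)
    if pair["protocol"] == "shell" and pair["attribute"] == "roles":
        return pair["value"].split()
    return []

# Constructed sample input, using the role names from the text.
SAMPLE = build_vsa('shell:roles="network-operator network-admin"')
```
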
The following VSA protocol options are supported by the Cisco NX-OS software:
Shell: Protocol used in access-accept packets to provide user profile information.
Accounting: Protocol used in accounting-request packets. If a value contains any white spaces, you should enclose the value within double quotation marks.
The Cisco NX-OS software supports the following attributes:
roles: Lists all the roles to which the user belongs. The value field is a string that lists the role names delimited by white space. For example, if the user belongs to roles network-operator and network-admin, the value field would be network-operator network-admin. This subattribute, which the RADIUS server sends in