Consolidated Platform Configuration Guide, Cisco Ios Release 15.2(4)E (Catalyst 2960-X Switches - Cisco Catalyst 2960 series Configuration Manual

For example, the following AV pair causes Cisco's "multiple named IP address pools" feature to be activated
during IP authorization (during PPP's Internet Protocol Control Protocol (IPCP) address assignment):
cisco-avpair= "ip:addr-pool=first"
If you insert an "*", the AV pair "ip:addr-pool=first" becomes optional. Note that any AV pair can be made
optional:
cisco-avpair= "ip:addr-pool*first"
The following example shows how to cause a user logging in from a network access server to have immediate
access to EXEC commands:
cisco-avpair= "shell:priv-lvl=15"
Other vendors have their own unique vendor-IDs, options, and associated VSAs. For more information about
vendor-IDs and VSAs, see RFC 2138, "Remote Authentication Dial-In User Service (RADIUS)."
Attribute 26 contains the following three elements:
• Type
• Length
• String (also known as data)
• Vendor-Id
• Vendor-Type
• Vendor-Length
• Vendor-Data
The figure below shows the packet format for a VSA encapsulated "behind" attribute 26.
Figure 69: VSA Encapsulated Behind Attribute 26
It is up to the vendor to specify the format of their VSA. The Attribute-Specific field (also known as
Note
Vendor-Data) is dependent on the vendor's definition of that attribute.
The table below describes significant fields listed in the Vendor-Specific RADIUS IETF Attributes table
(second table below), which lists supported vendor-specific RADIUS attributes (IETF attribute 26).

Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)

Information about RADIUS
907