For example, the following AV pair causes Cisco's "multiple named IP address pools" feature to be activated
during IP authorization (during PPP's Internet Protocol Control Protocol (IPCP) address assignment):
cisco-avpair= "ip:addr-pool=first"
If you insert an "*", the AV pair "ip:addr-pool=first" becomes optional. Note that any AV pair can be made
optional:
cisco-avpair= "ip:addr-pool*first"
The following example shows how to cause a user logging in from a network access server to have immediate
access to EXEC commands:
cisco-avpair= "shell:priv-lvl=15"
Other vendors have their own unique vendor-IDs, options, and associated VSAs. For more information about
vendor-IDs and VSAs, see RFC 2138, "Remote Authentication Dial-In User Service (RADIUS)."
Attribute 26 contains the following three elements:
• Type
• Length
• String (also known as data)
• Vendor-Id
• Vendor-Type
• Vendor-Length
• Vendor-Data
The figure below shows the packet format for a VSA encapsulated "behind" attribute 26.
Figure 69: VSA Encapsulated Behind Attribute 26
It is up to the vendor to specify the format of their VSA. The Attribute-Specific field (also known as
Note
Vendor-Data) is dependent on the vendor's definition of that attribute.
The table below describes significant fields listed in the Vendor-Specific RADIUS IETF Attributes table
(second table below), which lists supported vendor-specific RADIUS attributes (IETF attribute 26).
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
Information about RADIUS
907