Examples: Configuring The Switch To Use Vendor-Specific Radius Attributes; Example: Configuring The Switch For Vendor-Proprietary Radius Server; Communication - Cisco Catalyst 2960-XR Security Configuration Manual

Examples: Configuring the Switch to Use Vendor-Specific RADIUS Attributes

This example shows how to configure host1 as the RADIUS server and to use the default ports for both
authentication and accounting:
Switch(config)# radius-server host host1
Examples: Configuring the Switch to Use Vendor-Specific RADIUS Attributes
For example, this AV pair activates Cisco's multiple named ip address pools feature during IP authorization
(during PPP IPCP address assignment):
cisco-avpair= "ip:addr-pool=first"
This example shows how to provide a user logging in from a switch with immediate access to privileged
EXEC commands:
cisco-avpair= "shell:priv-lvl=15"
This example shows how to specify an authorized VLAN in the RADIUS server database:
cisco-avpair= "tunnel-type(#64)=VLAN(13)"
cisco-avpair= "tunnel-medium-type(#65)=802 media(6)"
cisco-avpair= "tunnel-private-group-id(#81)=vlanid"
This example shows how to apply an input ACL in ASCII format to an interface for the duration of this
connection:
cisco-avpair= "ip:inacl#1=deny ip 10.10.10.10 0.0.255.255 20.20.20.20 255.255.0.0"
cisco-avpair= "ip:inacl#2=deny ip 10.10.10.10 0.0.255.255 any"
cisco-avpair= "mac:inacl#3=deny any any decnet-iv"
This example shows how to apply an output ACL in ASCII format to an interface for the duration of this
connection:
cisco-avpair= "ip:outacl#2=deny ip 10.10.10.10 0.0.255.255 any"

Example: Configuring the Switch for Vendor-Proprietary RADIUS Server

Communication

This example shows how to specify a vendor-proprietary RADIUS host and to use a secret key of rad124
between the switch and the server:
Switch(config)# radius-server host 172.20.30.15 nonstandard
Switch(config)# radius-server key rad124
Catalyst 2960-XR Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX1
80
Configuring RADIUS
OL-29434-01