Table of Contents
Advertisement
Appendix D
RADIUS Attributes
Table D-7
RADIUS (IETF) Attributes (continued)
No.
Attribute
26
Vendor-Specific
27
Session-Timeout
28
Idle-Timeout
34
Login-LAT-Service
78-13751-01, Version 3.0
Description
Allows vendors to support their own extended attributes. The Cisco
RADIUS implementation supports one vendor-specific option using the
format recommended in the specification. Cisco's vendor-ID is 9, and
the supported option is vendor-type 1, cisco-avpair. The value is a
string of the format:
protocol:attribute sep value
Protocol is a value of the Cisco protocol attribute for a particular type
of authorization. Attribute and value are an appropriate AV pair defined
in the Cisco TACACS+ specification, and "sep" is "=" for mandatory
attributes and "*" for optional attributes. This allows the full set of
TACACS+ authorization features to be used for RADIUS. The
following is an example:
cisco-avpair= "ip:addr-pool=first"
cisco-avpair= "shell:priv-lvl=15"
The first example causes Cisco's multiple named IP address pools
feature to be activated during IP authorization (during PPP's IPCP
address assignment). The second example causes a AAA client prompt
user to have immediate access to EXEC commands.
Maximum number of seconds of service to be provided to the user
before the session terminates. This attribute value becomes the per-user
absolute timeout. This attribute is not valid for PPP sessions.
Maximum number of consecutive seconds of idle connection time
allowed to the user before the session terminates. This attribute value
becomes the per-user session-timeout. This attribute is not valid for
PPP sessions.
System with which the user is to be connected by LAT. This attribute is
only available in the EXEC mode.
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
IETF Dictionary of RADIUS AV Pairs
D-15
Advertisement
Table of Contents
Troubleshooting
