Cisco 2509 - Router - EN User Manual page 541

Appendix C RADIUS Attributes
Table C-6 RADIUS (IETF) Attributes (continued)
Attribute Number Description
Vendor-Specific 26
78-14696-01, Version 3.1
Allows vendors to support their own
extended attributes. The Cisco
RADIUS implementation supports
one vendor-specific option using the
format recommended in the
specification. The Cisco vendor-ID
is 9, and the supported option is
vendor-type 1, cisco-avpair. The
value is a string of the format:
protocol
:attribute sep value
protocol is a value of the Cisco
protocol attribute for a particular
type of authorization. Attribute and
value are an appropriate AV pair
defined in the Cisco TACACS+
specification, and "sep" is "=" for
mandatory attributes and "*" for
optional attributes. This allows the
full set of TACACS+ authorization
features to be used for RADIUS. The
following is an example:
cisco-avpair=
"ip:addr-pool=first"
cisco-avpair=
"shell:priv-lvl=15"
The first example causes the Cisco
multiple named IP address pools
feature to be activated during IP
authorization (during PPP IPCP
address assignment). The second
example causes a user of a
device-hosted administrative session
to have immediate access to EXEC
commands.
User Guide for Cisco Secure ACS for Windows Server
IETF Dictionary of RADIUS AV Pairs
Type of Inbound/
Value Outbound Multiple
string Outbound Yes
C-19