Radius Vendor-Specific Attributes - Cisco ASR 9000 Series Configuration Manual

Aggregation services router broadband network gateway

RADIUS Vendor-Specific Attributes

Table 8: Supported IETF Tagged Attributes

IETF Tagged Attribute Name    Value      Type
Tunnel-Type                   integer    64
Tunnel-Medium-Type            integer    65
Tunnel-Client-Endpoint        string     66
Tunnel-Server-Endpoint        string     67
Tunnel-Password               string     69
Tunnel-Assignment-ID          string     82
Tunnel-Preference             integer    83
Tunnel-Client-Auth-ID         string     90
Tunnel-Server-Auth-ID         string     91

RADIUS Vendor-Specific Attributes

The Internet Engineering Task Force (IETF) draft standard specifies a method for communicating
vendor-specific information between the network access server and the RADIUS server by using the
vendor-specific attribute (attribute 26). Attribute 26 encapsulates vendor-specific attributes, thereby
allowing vendors to support their own extended attributes that are otherwise not suitable for general use.

The Cisco RADIUS implementation supports one vendor-specific option using the format recommended in
the specification. Cisco's vendor-ID is 9, and the supported option has vendor-type 1, which is named
"cisco-avpair." The value is a string of this format:

    protocol : attribute sep value *

"Protocol" is a value of the Cisco "protocol" attribute for a particular type of authorization; protocols that can
be used include IP, IPX, VPDN, VOIP, SHELL, RSVP, SIP, AIRNET, and OUTBOUND. "Attribute" and "value"
are an appropriate attribute-value (AV) pair defined in the Cisco TACACS+ specification, and "sep" is "="
for mandatory attributes and "*" for optional attributes. This allows the full set of features available for
TACACS+ authorization to also be used for RADIUS.

For example, the following AV pair causes Cisco's "multiple named ip address pools" feature to be activated
during IP authorization (during PPP's IPCP address assignment):

    cisco-avpair= "ip:addr-pool=first"

If you insert an "*", the AV pair "ip:addr-pool=first" becomes optional. Note that any AV pair can be made
optional.

    cisco-avpair= "ip:addr-pool*first"

The following example shows how to cause a user logging in from a network access server to have immediate
access to EXEC commands:

    cisco-avpair= "shell:priv-lvl=15"

Attribute 26 contains these three elements:

Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x
OL-28375-03
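
The cisco-avpair format described above, as an added example that is not part of the Cisco guide: a Python decoder that unpacks an attribute 26, splits each cisco-avpair into protocol, attribute, separator and value, and flags the shell:priv-lvl=15 pair for review. The byte layout (type, length, 4-byte vendor-ID, then vendor-type, vendor-length and data) is taken from RFC 2865 rather than from this page, and the function names and sample bytes are constructed for illustration.

```python
import struct
from typing import NamedTuple

VSA_TYPE = 26                             # IETF Vendor-Specific attribute
CISCO_VENDOR_ID, CISCO_AVPAIR = 9, 1      # vendor-ID and vendor-type from the page

class AVPair(NamedTuple):
    protocol: str
    attribute: str
    value: str
    mandatory: bool                       # True for "=", False for "*"

def parse_avpair(text: str) -> AVPair:
    """Split 'protocol:attribute<sep>value'; the first "=" or "*" is the separator."""
    protocol, colon, rest = text.partition(":")
    cut = min((i for i in (rest.find("="), rest.find("*")) if i > 0), default=-1)
    if not protocol or not colon or cut < 0:
        raise ValueError(f"malformed cisco-avpair: {text!r}")
    return AVPair(protocol, rest[:cut], rest[cut + 1:], rest[cut] == "=")

def decode_cisco_vsa(attr: bytes) -> list:
    """Decode one attribute 26 (RFC 2865 layout) into its cisco-avpair entries."""
    if len(attr) < 6 or attr[0] != VSA_TYPE or attr[1] != len(attr):
        raise ValueError("not a well-formed attribute 26")
    if struct.unpack("!I", attr[2:6])[0] != CISCO_VENDOR_ID:
        return []                         # another vendor's attribute, not parsed here
    pairs, pos = [], 6
    while pos < len(attr):
        if pos + 2 > len(attr) or attr[pos + 1] < 2 or pos + attr[pos + 1] > len(attr):
            raise ValueError("bad vendor sub-attribute length")
        vtype, vlen = attr[pos], attr[pos + 1]
        if vtype == CISCO_AVPAIR:
            pairs.append(parse_avpair(attr[pos + 2:pos + vlen].decode("ascii")))
        pos += vlen
    return pairs

def grants_priv15(pair: AVPair) -> bool:
    """Flag the page's shell:priv-lvl=15 pair, whether sent as mandatory or optional."""
    return (pair.protocol, pair.attribute, pair.value) == ("shell", "priv-lvl", "15")

def encode_sample(text: str) -> bytes:
    """Build a constructed attribute 26 carrying one cisco-avpair (sample input only)."""
    sub = bytes([CISCO_AVPAIR, len(text) + 2]) + text.encode("ascii")
    return bytes([VSA_TYPE, len(sub) + 6]) + struct.pack("!I", CISCO_VENDOR_ID) + sub

if __name__ == "__main__":
    for text in ("ip:addr-pool=first", "ip:addr-pool*first", "shell:priv-lvl=15"):
        pair = decode_cisco_vsa(encode_sample(text))[0]
        print(pair, "<- review: privilege level 15" if grants_priv15(pair) else "")
```

Run over the attributes a RADIUS server returns in Access-Accept, the same check shows which user profiles hand out privilege level 15 and whether the pair was sent as mandatory or optional.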
