Feature History for RADIUS Attribute Screening, Restrictions for RADIUS Attribute Screening, Prerequisites for RADIUS Attribute Screening – Cisco 10000 User Manual


Cisco 10000 Series Router Software Configuration Guide

OL-2226-23

Chapter 16 Configuring RADIUS Features

RADIUS Attribute Screening

Configuration Tasks for RADIUS Attribute Screening

Configuration Examples for RADIUS Attribute Screening

Feature History for RADIUS Attribute Screening

Restrictions for RADIUS Attribute Screening

The following restrictions apply to the RADIUS Attribute Screening feature:

Network Access Server (NAS) Requirement

To enable the RADIUS Attribute Screening feature, you should configure the Cisco 10000 router,
acting as the NAS, for authorization with RADIUS groups.

Accept or Reject Lists Limitations

The two filters used to configure accept or reject lists are mutually exclusive; therefore, you can
configure only one accept list or one reject list for each purpose and for each server group.

Vendor-Specific Attributes

The RADIUS Attribute Screening feature does not support vendor-specific attribute (VSA)
screening. However, you can specify attribute 26 (Vendor-Specific) in an accept or reject list, which
will accept or reject all VSAs.

Required Attributes

Required attributes in a reject list are allowed to pass through. Do not reject the following required
attributes:

Authorization—6 (Service-Type) and 7 (Framed-Protocol)

Accounting—4 (NAS-IP-Address), 40 (Acct-Status-Type), 41 (Acct-Delay-Time), and 44
(Acct-Session-ID)

Note

When you configure a reject list with required attributes, an error message does not appear because the
list does not specify a purpose (authorization or accounting). The server determines if an attribute is
required when the attribute’s purpose is known.
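
The following added example (not Cisco code and not part of the original guide) models the reject-list restrictions above in Python: it shows which attributes of a reply a reject list actually drops for a given purpose, and it flags list entries that are accepted at configuration time but have no effect. The function names and the sample reply are assumptions made for illustration.

```python
# Added example: a small model of the reject-list restrictions described above.
# Not Cisco IOS code; attribute numbers and names are the ones listed on this page.
REQUIRED = {
    "authorization": {6: "Service-Type", 7: "Framed-Protocol"},
    "accounting": {4: "NAS-IP-Address", 40: "Acct-Status-Type",
                   41: "Acct-Delay-Time", 44: "Acct-Session-ID"},
}
VENDOR_SPECIFIC = 26


def screen_with_reject_list(attributes, reject_list, purpose):
    """Split (type, value) pairs into (passed, dropped) for one purpose.

    A listed attribute is dropped unless it is required for that purpose,
    in which case it passes through even though the list names it.
    """
    required = REQUIRED[purpose]
    passed, dropped = [], []
    for attr_type, value in attributes:
        if attr_type in reject_list and attr_type not in required:
            dropped.append((attr_type, value))
        else:
            passed.append((attr_type, value))
    return passed, dropped


def audit_reject_list(reject_list):
    """List entries that configure without error but have no effect for a
    purpose, plus the all-or-nothing effect of naming attribute 26."""
    findings = []
    for purpose, required in REQUIRED.items():
        for attr_type in sorted(set(reject_list) & set(required)):
            findings.append(
                f"{attr_type} ({required[attr_type]}) is required for "
                f"{purpose} and will pass through")
    if VENDOR_SPECIFIC in reject_list:
        findings.append("26 (Vendor-Specific) rejects all VSAs, not selected ones")
    return findings


# Constructed sample reply: (attribute type, value) pairs with made-up values.
SAMPLE_REPLY = [(6, 2), (7, 1), (8, "192.0.2.10"),
                (26, "vendor-a example"), (26, "vendor-b example")]
SAMPLE_REJECT_LIST = {6, 8, 26}

if __name__ == "__main__":
    print(screen_with_reject_list(SAMPLE_REPLY, SAMPLE_REJECT_LIST, "authorization"))
    print(audit_reject_list(SAMPLE_REJECT_LIST))
```

Running the audit against a planned reject list before applying it catches the case the Note describes, where the router gives no error for a required attribute.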

Prerequisites for RADIUS Attribute Screening

Before you configure a RADIUS accept or reject list, enable AAA using the aaa new-model command
in global configuration mode. For more information, see the Cisco IOS Command Summary, Volume 2
of 3, Release 12.2.

Cisco IOS Release   Description                                                      Required PRE
12.2(16)BX3         This feature was introduced on the Cisco 10000 series router.    PRE2
12.3(7)XI6          This feature was integrated into Cisco IOS Release 12.3(7)XI6.   PRE2
12.2(28)SB          This feature was integrated into Cisco IOS Release 12.2(28)SB.   PRE2