Cisco 3.3 User Manual

Page 112

Advertising
background image

Chapter 3 Interface Configuration

Protocol Configuration Options for RADIUS

3-14

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

selecting check boxes in a list of attributes, you determine whether the
corresponding (IETF) RADIUS attribute or vendor-specific attribute (VSA) is
configurable from the User Setup and Group Setup sections.

Details regarding the types of RADIUS settings pages follow:

(IETF) RADIUS Settings—This page lists attributes available for (IETF)
RADIUS.

These standard (IETF) RADIUS attributes are available for any network
device configuration when using RADIUS. If you want to use IETF attribute
number 26 (for VSAs), select Interface Configuration and then RADIUS for
the vendors whose network devices you use. Attributes for (IETF) RADIUS
and the VSA for each RADIUS network device vendor supported by
Cisco Secure ACS appear in User Setup or Group Setup.

Note

The RADIUS (IETF) attributes are shared with RADIUS VSAs. You
must configure the first RADIUS attributes from RADIUS (IETF) for
the RADIUS vendor.

The Tags to Display Per Attribute option (located under Advanced
Configuration Options) enables you to specify how many values to display for
tagged attributes on the User Setup and Group Setup pages. Examples of
tagged attributes include [064]Tunnel-Type and [069]Tunnel-Password.

For detailed steps, see

Setting Protocol Configuration Options for IETF

RADIUS Attributes, page 3-16

.

RADIUS (Cisco IOS/PIX) Settings—This section allows you to enable the
specific attributes for RADIUS (Cisco IOS/PIX). Selecting the first attribute
listed under RADIUS (Cisco IOS/PIX), 026/009/001, displays an entry field
under User Setup and/or Group Setup in which any TACACS+ commands can
be entered to fully leverage TACACS+ in a RADIUS environment. For
detailed steps, see

Setting Protocol Configuration Options for Non-IETF

RADIUS Attributes, page 3-17

.

RADIUS (Cisco Aironet) Settings—This section allows you to enable the
specific attribute for RADIUS (Cisco Aironet). The single Cisco Aironet
RADIUS VSA, Cisco-Aironet-Session-Timeout, is a specialized
implementation of the IETF RADIUS Session-Timeout attribute (27). When
Cisco Secure ACS responds to an authentication request from a Cisco Aironet
Access Point and the Cisco-Aironet-Session-Timeout attribute is configured,
Cisco Secure ACS sends to the wireless device this value in the IETF

Advertising
Popular Brands
Popular manuals