Setting cisco ios/pix radius parameters for a user – Cisco 3.3 User Manual

Page 285

Advertising
background image

7-39

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Chapter 7 User Management

Advanced User Authentication Settings

Note

For a list and explanation of RADIUS attributes, see

Appendix C, “RADIUS

Attributes”

, or the documentation for your particular network device using

RADIUS.

To configure IETF RADIUS attribute settings to be applied as an authorization for
the current user, follow these steps:

Step 1

Perform Step 1 through Step 3 of

Adding a Basic User Account, page 7-4

.

The User Setup Edit page opens. The username being added or edited is at the top
of the page.

Step 2

In the IETF RADIUS table, for each attribute that you need to authorize for the
current user, select the check box next to the attribute and then further define the
authorization for the attribute in the box or boxes next to it, as applicable.

Step 3

Do one of the following:

If you are finished configuring the user account options, click Submit to
record the options.

To continue to specify the user account options, perform other procedures in
this chapter, as applicable.

Setting Cisco IOS/PIX RADIUS Parameters for a User

The Cisco IOS RADIUS parameters appear only if all the following are true:

A AAA client is configured to use RADIUS (Cisco IOS/PIX) in Network
Configuration.

The Per-user TACACS+/RADIUS Attributes check box is selected under
Advanced Options in the Interface Configuration section.

User-level RADIUS (Cisco IOS/PIX) attributes are enabled under RADIUS
(Cisco IOS/PIX) in the Interface Configuration section.

Note

To hide or display the Cisco IOS RADIUS VSA, see

Setting Protocol

Configuration Options for Non-IETF RADIUS Attributes, page 3-17

. A VSA

applied as an authorization to a particular user persists, even when you remove or

Advertising