Cisco 3.3 User Manual

Chapter 7 User Management

Advanced User Authentication Settings

7-40

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

replace the associated AAA client; however, if you have no AAA clients of this
(vendor) type configured, the VSA settings do not appear in the user configuration
interface.

Cisco IOS RADIUS represents only the Cisco IOS VSAs. You must configure
both the IETF RADIUS and Cisco IOS RADIUS attributes.

To configure and enable Cisco IOS RADIUS attributes to be applied as an
authorization for the current user, follow these steps:

Step 1

Perform Step 1 through Step 3 of

Adding a Basic User Account, page 7-4

.

The User Setup Edit page opens. The username being added or edited is at the top
of the page.

Step 2

Before configuring Cisco IOS RADIUS attributes, be sure your IETF RADIUS
attributes are configured properly. For more information about setting IETF
RADIUS attributes, see

Setting IETF RADIUS Parameters for a User, page 7-38

.

Step 3

If you want to use the [009\001] cisco-av-pair attribute to specify authorizations,
select the check box next to the attribute and then type the attribute-value pairs in
the text box. Separate each attribute-value pair by pressing Enter.

For example, if the current user profile corresponds to a Network Admission
Control (NAC) client to which Cisco Secure ACS always assigns a
status-query-timeout attribute value that needs to be different than a value that any
applicable group profile contains, you could specify that value as follows:

status-query-timeout=1200

Step 4

If you want to use other Cisco IOS/PIX RADIUS attributes, select the
corresponding check box and specify the required values in the adjacent text box.

Step 5

Do one of the following:

•

If you are finished configuring the user account options, click Submit to
record the options.

•

To continue to specify the user account options, perform other procedures in
this chapter, as applicable.