Configuring radius attributes – IBM Tivoli and Cisco User Manual

236

Building a Network Access Control Solution with IBM Tivoli and Cisco Systems

Configuring RADIUS attributes

The RADIUS attributes required for NAC must be globally enabled on the Cisco
Secure ACS.

1. Select Interface Configuration from the main menu (Figure 7-13 on

page 230), then select RADIUS (IETF) (Figure 7-19).

Figure 7-19 Global IETF RADIUS attributes

For L2Dot1x NAC, you must select the following:

– [027] Session-Timeout
– [029] Termination-Action
– [064] Tunnel-type
– [065] Tunnel-Medium-Type
– [081] Tunnel-Private-Group-ID

After selecting just these items, click Submit. This will take you back to the
screen shown in Figure 7-13 on page 230.

Note: 64, 65, and 81 are required for VLAN assignment.