Configuration tasks for radius attribute screening, Authorization accept configuration example, Accounting reject configuration example – Cisco 10000 User Manual
Page 343
16-41
Cisco 10000 Series Router Software Configuration Guide
OL-2226-23
Chapter 16 Configuring RADIUS Features
RADIUS Attribute Screening
Configuration Tasks for RADIUS Attribute Screening
To configure and verify the RADIUS Attribute Screening feature, see the
Attribute Accept or Reject Lists” section on page 5-37
.
Configuration Examples for RADIUS Attribute Screening
This section provides the following configuration examples:
•
Authorization Accept Configuration Example, page 16-41
•
Accounting Reject Configuration Example, page 16-41
•
Authorization Reject and Accounting Accept Configuration Example, page 16-42
•
Rejecting Required Attributes Configuration Example, page 16-42
Authorization Accept Configuration Example
The following example shows how to configure an accept list for attribute 6 (Service-Type) and
attribute 7(Framed-Protocol). All other attributes (including VSAs) are rejected for RADIUS
authorization.
aaa new-model
aaa authentication ppp default group radius-sg
aaa authorization network default group radius-sg
aaa group server radius radius-sg
server 10.1.1.1
authorization accept min-author
!
radius-server host 10.1.1.1 key mykey1
radius-server attribute list min-author
attribute 6-7
Accounting Reject Configuration Example
The following example shows how to configure a reject list for attribute 66 (Tunnel-Client-Endpoint)
and attribute 67 (Tunnel-Server-Endpoint). All other attributes (including VSAs) are accepted for
RADIUS accounting.
aaa new-model
aaa authentication ppp default group radius-sg
aaa authorization network default group radius-sg
aaa group server radius radius-sg
server 10.1.1.1
accounting reject tnl-x-endpoint
!
radius-server host 10.1.1.1 key mykey1
radius-server attribute list tnl-x-endpoint
attribute 66-67