Radius attributes, A p p e n d i x, Appendix c, “radius attributes – Cisco 3.3 User Manual

C-1

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

A P P E N D I X

C

RADIUS Attributes

Cisco Secure Access Control Server (ACS) for Windows Server supports many
RADIUS attributes. You can enable different attribute-value (AV) pairs for IETF
RADIUS and for any supported vendor. This appendix lists the standard
attributes, vendor-proprietary attributes, and vendor-specific attributes supported
by Cisco Secure ACS.

For outbound attributes, you can configure the attributes sent and their content
using the Cisco Secure ACS HTML interface. The RADIUS attributes sent to a
AAA client in an access-accept message are user specific. To configure a specific
attribute to be sent for a given user, you must ensure the following:

1.

In the Network Configuration section, the AAA client entry corresponding to
the access device that grants network access to the user must be configured to
use a variety of RADIUS that supports the attribute you want sent to the AAA
client. For more information about the RADIUS attribute sets supported by
RADIUS varieties, see

Protocol Configuration Options for RADIUS,

page 3-11

.

2.

In the Interface Configuration section, the attribute must be enabled so that it
appears on user or user group profile pages. You can enable attributes on the
page corresponding to the RADIUS variety that supports the attribute. For
example, IETF RADIUS Session-Timeout attribute (27) appears on the
RADIUS (IETF) page.

Note

By default, per-user RADIUS attributes are not enabled. Before you
can enable attributes on a per-user basis, you must enable the Per-user
TACACS+/RADIUS Attributes option on the Advanced Options page
in the Interface Configuration section.