Cisco Systems 4.2 Server User Manual


 
Configuration Guide for Cisco Secure ACS 4.2
OL-14390-02
Chapter 9 NAC Configuration Scenario
Step 5: Set Up Shared Profile Components
Figure 9-19 Attribute Selection for the Cisco_Restricted RAC
To enable VLAN assignment, the sample RACs include the following RADIUS attributes:

• Session-Timeout (attribute 27)—Enables a session timeout. In the sample RACs, the timeout value is set to 3600 seconds (six hours). Because session timeouts and revalidations use considerable network resources, you might want to set the timeout value to allow a longer timeout period; for example, 8 to 24 hours.
• Termination-Action (attribute 29)—Determines how the switch port responds to a session timeout. This attribute is only used in Access-Accept packets. When a session timeout occurs, the port drops all traffic on the switch until reauthentication is complete. In the sample RACs, this attribute is set to RADIUS-Request (1). This ensures that the switch maintains the current VLAN assignment and network connectivity while reauthentication is in progress.
• Tunnel-Type (attribute 64)—Specifies the type of tunnel that is set up for the user to connect. In the sample RACs, this value is set to type 10, VLAN, which indicates that the user is granted access to a VLAN that is configured on the switch.
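The following added example (not part of the Cisco guide or of ACS) decodes the attribute section of an Access-Accept and checks the three attributes listed above, which is useful when verifying from a packet capture what a RAC actually sends. Assumptions: the sample bytes are constructed, the 3600 to 86400 second bounds are illustrative, and the Tunnel-Type check uses 13, the on-the-wire number RFC 3580 assigns to VLAN.

```python
import struct

SESSION_TIMEOUT, TERMINATION_ACTION, TUNNEL_TYPE = 27, 29, 64
RADIUS_REQUEST = 1      # Termination-Action value used in the sample RACs
TUNNEL_TYPE_VLAN = 13   # assumption: on-the-wire value RFC 3580 assigns to VLAN

def parse_attributes(buf):
    """Decode RFC 2865 type/length/value attributes into {type: value}."""
    attrs, i = {}, 0
    while i < len(buf):
        if len(buf) - i < 2:
            raise ValueError("truncated attribute header")
        atype, alen = buf[i], buf[i + 1]
        if alen < 2 or i + alen > len(buf):
            raise ValueError(f"bad length {alen} for attribute {atype}")
        value = buf[i + 2:i + alen]
        if atype in (SESSION_TIMEOUT, TERMINATION_ACTION, TUNNEL_TYPE):
            if len(value) != 4:
                raise ValueError(f"attribute {atype} must carry 4 octets")
            if atype == TUNNEL_TYPE:
                # RFC 2868: one tag octet, then a 3-octet tunnel type
                value = (value[0], int.from_bytes(value[1:], "big"))
            else:
                value = struct.unpack("!I", value)[0]
        attrs[atype] = value
        i += alen
    return attrs

def check_rac(attrs, min_timeout=3600, max_timeout=86400):
    """Return findings for a VLAN-assignment RAC; an empty list means it passes."""
    findings = []
    timeout = attrs.get(SESSION_TIMEOUT)
    if timeout is None:
        findings.append("Session-Timeout (27) missing")
    elif not min_timeout <= timeout <= max_timeout:
        findings.append(f"Session-Timeout {timeout}s outside {min_timeout}-{max_timeout}s")
    if attrs.get(TERMINATION_ACTION) != RADIUS_REQUEST:
        findings.append("Termination-Action (29) is not RADIUS-Request (1)")
    tunnel = attrs.get(TUNNEL_TYPE)
    if tunnel is None or tunnel[1] != TUNNEL_TYPE_VLAN:
        findings.append("Tunnel-Type (64) is not VLAN")
    return findings

# Constructed sample: the attribute section of an Access-Accept, not a capture.
SAMPLE = (bytes([27, 6]) + struct.pack("!I", 3600)
          + bytes([29, 6]) + struct.pack("!I", 1)
          + bytes([64, 6, 1]) + (13).to_bytes(3, "big"))

if __name__ == "__main__":
    print(parse_attributes(SAMPLE), check_rac(parse_attributes(SAMPLE)))
```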