Filter
Top Products
8-70
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter8 Managing Users and Identity Stores
Managing External Identity Stores
Step 2 Do either of the following:
• Click Submit to save your changes and return to the RADIUS Identity Servers page.
• Click the Advanced tab to configure failure message handling and to enable identity caching. See
Configuring Advanced Options, page 8-70 for more information.
Related Topics
• RADIUS Identity Stores, page 8-63
• Creating, Duplicating, and Editing RADIUS Identity Servers, page 8-66
• Configuring General Settings, page 8-67
• Configuring Shell Prompts, page 8-69
• Configuring Advanced Options, page 8-70
Configuring Advanced Options
In the Advanced tab, you can do the following:
• Define what an access reject from a RADIUS identity server means to you.
• Enable identity caching.
Table 8-21 describes the fields in the Advanced tab of the RADIUS Identity Servers page.
RADIUS Attribute Name of the RADIUS attribute. Click Select to choose the RADIUS attribute. This name is
composed of two parts: The attribute name and an extension to support AV-pairs if the attribute
selected is a Cisco AV-Pair.
For example, for an attribute, cisco-av-pair with an AV-pair name some-avpair, ACS displays
cisco-av-pair.some-avpair.
IETF and vendor VSA attribute names contain an optional suffix, -nnn, where nnn is the ID of the
attribute.
Type RADIUS attribute type. Valid options are:
• String
• Unsigned Integer 32
• IPv4 address
Default (Optional) A default value that can be used if the attribute is not available in the response from the
RADIUS identity server. This value must be of the specified RADIUS attribute type.
Policy Condition Name Specify the name of the custom policy condition that uses this attribute.
Table 8-20 RADIUS Identity Servers - Directory Attributes Tab
Option Description