Cisco Systems CSACS3415K9 Computer Accessories User Manual


 
A-10
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Appendix A AAA Protocols
Overview of RADIUS
An administrator can configure an attribute operation clause for a specific proxy access service. When
this service is selected, ACS performs the operation on the access request and forwards the updated
access request to the external server. ACS 5.4 does not support conditioning on the existing value.
Example of an Attribute Operation statement:
Operator-name ADD new value: “University A”
The following operations are available for rewriting RADIUS attributes:
Add Attribute, page A-10
Update Attribute, page A-10
Delete Attribute, page A-11
Add Attribute
The add operation adds a new attribute value for the selected RADIUS attribute.
If multiple attributes are not allowed, then the add operation adds the new value for the selected
attribute only if this attribute does not exist on the request.
Example:
Called-Station-Id – Attribute Multiple NOT allowed:
On the Access Request:
Called-Station-Id NOT on the request
Attribute Operation statement:
Called-Station-Id ADD 1223
Result of the attribute operation on the request forwarded to the server:
Called-Station-Id=1223
If Called-Station-Id is on the original request, then ACS does not perform the add operation in
this example.
If multiple attributes are allowed, then the add operation always adds the attribute with a new
value.
Example:
Login-IP-Host – attribute Multiple allowed:
On the Access Request:
Login-IP-Host=10.56.21.190
Attribute Operation statement:
Login-IP-Host ADD 10.56.1.1
Result of the attribute operation on the request forwarded to the server:
Login-IP-Host=10.56.21.190
Login-IP-Host=10.56.1.1
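The add rule above, applied to the attribute bytes of an Access-Request, as an added example (not Cisco's code or part of the original guide). The function names and the MULTI_ALLOWED set are assumptions made for illustration; the type codes 30 and 14 are the RFC 2865 values for Called-Station-Id and Login-IP-Host.

```python
import struct

CALLED_STATION_ID = 30   # RFC 2865 type code
LOGIN_IP_HOST = 14       # RFC 2865 type code
# Assumption: hand-made subset of attributes that may repeat in a request;
# a real proxy would take this from its RADIUS dictionary.
MULTI_ALLOWED = {LOGIN_IP_HOST}

def parse_attrs(packet):
    """Return the ordered (type, value) pairs that follow the 20-byte header."""
    end = struct.unpack("!H", packet[2:4])[0]
    if end < 20 or end > len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = [], 20
    while pos < end:
        if pos + 2 > end or packet[pos + 1] < 2 or pos + packet[pos + 1] > end:
            raise ValueError("malformed attribute at offset %d" % pos)
        alen = packet[pos + 1]
        attrs.append((packet[pos], packet[pos + 2:pos + alen]))
        pos += alen
    return attrs

def add_attr(attrs, atype, value):
    """ADD: always append when multiples are allowed, otherwise only if absent."""
    present = any(t == atype for t, _ in attrs)
    if present and atype not in MULTI_ALLOWED:
        return list(attrs)              # no-op: the existing value is kept
    return list(attrs) + [(atype, value)]

def build(header, attrs):
    """Re-encode the packet and correct the length field after a rewrite.
    If Message-Authenticator (attribute 80) is present it has to be
    recomputed after any rewrite; that step is not shown here."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return header[:2] + struct.pack("!H", 20 + len(body)) + header[4:20] + body

def sample_request(attrs):
    """Constructed Access-Request: code 1, id 7, zeroed authenticator."""
    return build(bytes([1, 7, 0, 0]) + bytes(16), attrs)

if __name__ == "__main__":
    ip = lambda s: bytes(map(int, s.split(".")))
    req = sample_request([(LOGIN_IP_HOST, ip("10.56.21.190"))])
    rewritten = add_attr(parse_attrs(req), LOGIN_IP_HOST, ip("10.56.1.1"))
    print(build(req[:20], rewritten).hex())
```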
Update Attribute
The update operation updates the existing value of a selected RADIUS attribute.
If multiple attributes are not allowed, then the update operation updates the existing attribute
with a new value only if the attribute exists on the request.