Filter
Top Products
A-11
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Appendix A AAA Protocols
Overview of RADIUS
• If the Multiple attributes are allowed, then the update operation removes all the occurrences of this
attribute and adds one attribute with a new value.
Example:
Login-IP-Host – attribute Multiple allowed:
On the Access Request:
Login-IP-Host=10.56.21.190
Login-IP-Host=10.56.1.1
Attribute Operation statement:
Login-IP-Host UPDATE 10.12.12.12
Result of the attribute operation on the request forwarded to the server:
Login-IP-Host=10.12.12.12
• If the attribute is cisco-avpair (pair of key=value) the update is done according to the key.
Example:
On the Access Request:
cisco-avpair = url-redirect=www.cisco.com
cisco-avpair = url-redirect=www.yahoo.com
cisco-avpair = cmd=show
Attribute Operation statement:
cisco-avpair UPDATE new value:[url-redirect=www.google.com]
Result of the attribute operation on the request forwarded to the server:
cisco-avpair = url-redirect=www.google.com
cisco-avpair = cmd=show
Delete Attribute
The delete attributes operation is used delete the value of the selected RADIUS attributes.
Example:
Login-IP-Host – attribute Multiple allowed
On the Access Request:
Login-IP-Host=10.56.21.190
Attribute Operation statement:
Login-IP-Host DELETE
Result of the attribute operation on the request forwarded to the server:
Attribute Login-IP-Host NOT on the request
RADIUS Access Requests
A user login contains a query (Access-Request) from the network access device to the RADIUS server
and a corresponding response (Access-Accept or Access-Reject) from the server. The Access-Request
packet contains the username, password, NAD IP address, and NAD port, and other relevant attributes.