Cisco Systems Servers Server User Manual


 
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Appendix D RADIUS Attributes
IETF Dictionary of RADIUS AV Pairs
Table D-7 RADIUS (IETF) Attributes (continued)

No. Attribute
    Description

26 Vendor-Specific
    Allows vendors to support their own extended attributes. The Cisco RADIUS implementation supports one vendor-specific option using the format recommended in the specification. Cisco's vendor-ID is 9, and the supported option is vendor-type 1, cisco-avpair. The value is a string of the format:

        protocol:attribute sep value

    Protocol is a value of the Cisco protocol attribute for a particular type of authorization. Attribute and value are an appropriate AV pair defined in the Cisco TACACS+ specification, and "sep" is "=" for mandatory attributes and "*" for optional attributes. This allows the full set of TACACS+ authorization features to be used for RADIUS. The following is an example:

        cisco-avpair= "ip:addr-pool=first"
        cisco-avpair= "shell:priv-lvl=15"

    The first example causes Cisco's multiple named IP address pools feature to be activated during IP authorization (during PPP's IPCP address assignment). The second example causes a AAA client prompt user to have immediate access to EXEC commands.

27 Session-Timeout
    Maximum number of seconds of service to be provided to the user before the session terminates. This attribute value becomes the per-user absolute timeout. This attribute is not valid for PPP sessions.

28 Idle-Timeout
    Maximum number of consecutive seconds of idle connection time allowed to the user before the session terminates. This attribute value becomes the per-user session-timeout. This attribute is not valid for PPP sessions.

34 Login-LAT-Service
    System with which the user is to be connected by LAT. This attribute is only available in the EXEC mode.
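
The cisco-avpair format described under attribute 26, as an added example that is not part of the Cisco guide: it decodes a Vendor-Specific attribute, splits the string into protocol, attribute, separator and value, and flags a priv-lvl of 15 for review. The byte layout (type, length, 4-byte vendor-ID, vendor-type, vendor-length) is assumed to be the RFC 2865 recommended VSA format, with one sub-attribute per VSA; the function names are hypothetical.

```python
import struct

VENDOR_SPECIFIC = 26     # IETF attribute number from Table D-7
CISCO_VENDOR_ID = 9      # Cisco's vendor-ID, per the text
CISCO_AVPAIR = 1         # vendor-type 1, cisco-avpair


def parse_avpair(text):
    """Split 'protocol:attribute sep value'; '=' is mandatory, '*' optional."""
    protocol, colon, rest = text.partition(":")
    if not colon or not protocol or set(protocol) & set("=*"):
        raise ValueError("missing protocol prefix: %r" % text)
    # The separator is whichever of '=' or '*' comes first after the protocol.
    hits = [i for i in (rest.find("="), rest.find("*")) if i > 0]
    if not hits:
        raise ValueError("missing '=' or '*' separator: %r" % text)
    i = min(hits)
    return {"protocol": protocol, "attribute": rest[:i],
            "value": rest[i + 1:], "mandatory": rest[i] == "="}


def encode_cisco_avpair(text):
    """Build a constructed sample attribute for the decoder below."""
    body = text.encode("ascii")
    return (bytes([VENDOR_SPECIFIC, len(body) + 8])
            + struct.pack("!I", CISCO_VENDOR_ID)
            + bytes([CISCO_AVPAIR, len(body) + 2]) + body)


def decode_cisco_avpair(attr):
    """Return the parsed AV pair, or None if the VSA is not a cisco-avpair."""
    if len(attr) < 8 or attr[0] != VENDOR_SPECIFIC or attr[1] != len(attr):
        raise ValueError("not a well-formed Vendor-Specific attribute")
    (vendor_id,) = struct.unpack("!I", attr[2:6])
    vtype, vlen = attr[6], attr[7]
    if vlen < 2 or 6 + vlen != len(attr):   # assumes one sub-attribute per VSA
        raise ValueError("vendor-length does not match attribute length")
    if vendor_id != CISCO_VENDOR_ID or vtype != CISCO_AVPAIR:
        return None
    return parse_avpair(attr[8:].decode("ascii"))


def is_priv_lvl_15(pair):
    """True for the guide's second example, shell:priv-lvl=15."""
    return (pair["protocol"], pair["attribute"], pair["value"]) == ("shell", "priv-lvl", "15")


if __name__ == "__main__":
    for s in ("ip:addr-pool=first", "shell:priv-lvl=15"):   # the guide's examples
        pair = decode_cisco_avpair(encode_cisco_avpair(s))
        print(s, pair, "REVIEW" if is_priv_lvl_15(pair) else "")
```
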