Appendix E Cisco Secure ACS Command-Line Database Utility
User-Defined RADIUS Vendors and VSA Sets
E-34
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Attribute Definition
Each RADIUS vendor/VSA import file must have one attribute definition section
for each attribute defined in the vendor and VSA set section. The section header
of each attribute definition section must match the attribute name defined for that
attribute in the vendor and VSA set section. Table E-9 lists the valid keys for an
attribute definition section.
Table E-9 Attribute Definition Keys
Keys Required Value Required Description
Type Yes See Description. The data type of the attribute. It must be one of the
following:
STRING
INTEGER
IPADDR
If the attribute is an integer, the Enums key is valid.
Profile Yes See Description. The attribute profile defines if the attribute is used for
authorization or accounting (or both). At least one of the
following two values must be present in the Profile key
definition:
IN—The attribute is used for accounting. After you add the
attribute to Cisco Secure ACS, you can configure your
RADIUS accounting log to record the new attribute. For
more information about RADIUS accounting logs, see the
“RADIUS Accounting Log” section on page 9-7.
OUT—The attribute is used for authorization.
In addition, you can use the value "MULTI" to allow several
instances of the attribute per RADIUS message.
Combinations are valid. For example:
Profile=MULTI OUT
or
Profile=IN OUT