Filter
Top Products
236 Configuring Authentication, Authorization, and Accounting
How Are RADIUS Attributes Processed on the Switch?
The following attributes are processed in the RADIUS Access-Accept
message received from a RADIUS server:
• NAS-PORT—ifIndex of the port to be authenticated.
• REPLY-MESSAGE—Trigger to respond to the Access-Accept message
with an EAP notification.
• STATE-RADIUS—Server state. Transmitted in Access-Request and
Accounting-Request messages.
• SESSION-TIMEOUT—Session timeout value for the session (in seconds).
Used by both 802.1X and Captive Portal.
• TERMINATION-ACTION—Indication as to the action taken when the
service is completed.
• EAP-MESSAGE—Contains an EAP message to be sent to the user. This is
typically used for MAB clients.
• VENDOR-SPECIFIC—The following Cisco AV Pairs are supported:
– shell:priv-lvl
– shell:roles
• FILTER-ID—Name of the filter list for this user.
• TUNNEL-TYPE—Used to indicate that a VLAN is to be assigned to the
user when set to tunnel type VLAN (13).
• TUNNEL-MEDIUM-TYPE—Used to indicate the tunnel medium type.
Must be set to medium type 802 (6) to enable VLAN assignment.
• TUNNEL-PRIVATE-GROUP-ID—Used to indicate the VLAN to be
assigned to the user. May be a string which matches a preconfigured VLAN
name or a VLAN id. If a VLAN id is given, the string must only contain
decimal digits.