Vendor Attribute for Concentrator and IAS Radius?

whiteford · ‎07-17-2007

Does anyone know what the vendor Attribute to use a Concentrator which an IAS windows Radius server is?

I want to lock the Radius requests to a policy that only accepts from teh IP address of the cisco concentrator?

Jagdeep Gambhir · ‎07-17-2007

Hi,

You need to use ,

IETF RADIUS : attribute 25

Regards,

~JG

Please rate helpful posts

whiteford · ‎07-17-2007

Thanks, is that an option in IAS? I want to bind a radius policy to a radius client that is a Cisco concentrator. So if a request comes from the concentrator then use a particular radius policy? Does that make sense?

Jagdeep Gambhir · ‎07-18-2007

To lock a user to a certain VPN group the Authentication server needs to push this information into the concentratro through Class Attribute 25 (OU=group_name)

This example is with acs, but it is quite helpful.

http://www.cisco.com/en/US/tech/tk59/technologies_configuration_example09186a00800946a2.shtml

whiteford · ‎07-18-2007

Does Class Attribute 25 (OU=group_name) point to a Windows OU?

Jagdeep Gambhir · ‎07-19-2007

This attribute contains the VPN Concentrator group name which the administrator wants the user to be locked into. This attribute is the Class attribute (IETF RADIUS attribute number 25), and has to be returned to the VPN Concentrator in this format:

OU=groupname;

where groupname is the name of the group on the VPN Concentrator that the user locks into. OU has to be in capital letters, and there must be a semicolon at the end.

Please rate if helps

Regards,