07-17-2007 04:16 AM - edited 02-20-2020 09:39 PM
Does anyone know what the vendor Attribute to use a Concentrator which an IAS windows Radius server is?
I want to lock the Radius requests to a policy that only accepts from teh IP address of the cisco concentrator?
07-17-2007 12:25 PM
Hi,
You need to use ,
IETF RADIUS : attribute 25
Regards,
~JG
Please rate helpful posts
07-17-2007 11:15 PM
Thanks, is that an option in IAS? I want to bind a radius policy to a radius client that is a Cisco concentrator. So if a request comes from the concentrator then use a particular radius policy? Does that make sense?
07-18-2007 01:20 PM
To lock a user to a certain VPN group the Authentication server needs to push this information into the concentratro through Class Attribute 25 (OU=group_name)
This example is with acs, but it is quite helpful.
http://www.cisco.com/en/US/tech/tk59/technologies_configuration_example09186a00800946a2.shtml
07-18-2007 11:15 PM
Does Class Attribute 25 (OU=group_name) point to a Windows OU?
07-19-2007 04:47 AM
This attribute contains the VPN Concentrator group name which the administrator wants the user to be locked into. This attribute is the Class attribute (IETF RADIUS attribute number 25), and has to be returned to the VPN Concentrator in this format:
OU=groupname;
where groupname is the name of the group on the VPN Concentrator that the user locks into. OU has to be in capital letters, and there must be a semicolon at the end.
Please rate if helps
Regards,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide