cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1690
Views
5
Helpful
3
Replies

Radius VSA 26 cisco-avpair

pengfang
Level 1
Level 1

Hi all,

I couldn't find any details how to use RADIUS Vendor-Specific Attributes (VSA)26 , cisco av-pair but only some samples like:

cisco-avpair= "shell:priv-lvl=15"

Is there a FULL list of these attributes with correct syntax explained for IOS 12.4 and ASA 8.x anywhere? Much appreciated your response.

3 Replies 3

darpotter
Level 5
Level 5

For the most part you can put any IOS TACACS+ attribute inti the cisco-av-pair using the format

service:attr=value

eg

ip:ip-addr=x.x.x.x

ip:inacl=blah

There's an IOS dictionary here: http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/user/A_TACAtr.pdf

What isnt documented very well are the instances of cisco-ac-pair that various groups within Cisco have created for their own devices.

Thanks for reply. The problem is there're no any explanations how to use these attributes, such as these attributes belong to what "service", "value" and what application applied for.

For ASA with RADIUS the most likely service is just going to be "ip" isnt it?

ACS already sends ip:inacl=xxxx to PIX/ASA as part of the Downloadable ACLs feature.

AFAIK thats the only support the ASA has for cisco-av-pair.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: