The RADIUS Attributes Rewrite feature introduced in ACS 5.4 enables you to add, overwrite and delete RADIUS INBOUND attributes on access requests, which will be redirected to external servers. In ACS 5.5, it is extended to enable manipulation of RADIUS OUTBOUND attributes. ACS 5.5 supports add, overwrite and delete of RADIUS OUTBOUND attributes, which will be returned to the client. The RADIUS attributes rewrite is enabled for Access-Accept responses only, not for Access-Reject or Challenge responses, and is not relevant for accounting responses. The attribute manipulation is defined as an attribute operation statement and configured as part of the Proxy Access Service. An administrator can configure an attribute operation clause for a specific proxy access service. When this service is selected, ACS performs the operation on the Access-Accept response and returns the updated response to the client.
Thanks for responding. I know you have already moved on from this, but we have figured out an alternate method to do this, just FYI in case you want to change things in the future.
We have selection rules based on the username, in our case "@college.edu", and assign a corresponding service rule.
Here we are still using the "outbound attribute injection", but we are using the "Airespace-Interface-Name" under the "Radius Cisco-Airespace" dictionary. There we are specifying an interface group we set up on the WLC.
This actually is even better for our environment, as this will help keep our subnet size down, and if we need more IPs we can assign an additional interface to that group.
Hmm, never thought about that. But do you have AAA override still on? I noticed that some administrators send an ACCESS-ACCEPT and also the attributes described in my first post for their own network. So we had users in the wrong VLAN because of that.
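The outbound rewrite discussed in this thread, modelled as an added example (not ACS code and not from any poster): a proxy applies add, overwrite and delete operations to an Access-Accept from a remote server, so upstream VLAN attributes cannot steer the user and the local interface group always wins. The exact semantics of each operation, the Tunnel-* attribute names (RFC 3580 VLAN assignment), the Session-Timeout values and the `guest-group` interface group are assumptions or constructed sample values.

```python
# Added illustration, not ACS code. The semantics of each operation are assumptions.
ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 2, 3, 11  # RADIUS codes (RFC 2865)

# Constructed policy for one proxy service: drop VLAN-steering attributes set by
# the remote server (RFC 3580 names, assumed here) and pin a local interface group.
POLICY = [
    ("delete", "Tunnel-Type", None),
    ("delete", "Tunnel-Medium-Type", None),
    ("delete", "Tunnel-Private-Group-ID", None),
    ("overwrite", "Session-Timeout", "3600"),             # constructed value
    ("add", "Airespace-Interface-Name", "guest-group"),   # constructed group name
]

def rewrite_outbound(code, attrs, policy=POLICY):
    """Return (new_attrs, audit). attrs is a list of (name, value) pairs
    because RADIUS allows an attribute to appear more than once."""
    if code != ACCESS_ACCEPT:
        return list(attrs), []          # Reject/Challenge pass through untouched
    out, audit = list(attrs), []
    for op, name, value in policy:
        present = [v for n, v in out if n == name]
        if op == "delete":
            out = [(n, v) for n, v in out if n != name]
            audit += [("deleted", name, v) for v in present]
        elif op == "overwrite":
            # Assumed: replaces existing instances only; an absent attribute is not added.
            out = [(n, value if n == name else v) for n, v in out]
            audit += [("overwrote", name, v) for v in present if v != value]
        elif op == "add":
            # Assumed: add never duplicates; an upstream copy is replaced by the local value.
            out = [(n, v) for n, v in out if n != name] + [(name, value)]
            audit += [("replaced", name, v) for v in present if v != value]
        else:
            raise ValueError(f"unknown operation: {op}")
    return out, audit

# Constructed upstream Access-Accept from a remote server for user@college.edu
UPSTREAM = [
    ("Tunnel-Type", "VLAN"),
    ("Tunnel-Medium-Type", "IEEE-802"),
    ("Tunnel-Private-Group-ID", "210"),
    ("Session-Timeout", "86400"),
]

if __name__ == "__main__":
    attrs, audit = rewrite_outbound(ACCESS_ACCEPT, UPSTREAM)
    print(attrs)
    print(audit)
```

The audit list records every upstream value that was removed or changed, which is the record to log when tracking down which remote server is sending attributes that would otherwise place users in the wrong VLAN.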