Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Radius VSA 26 cisco-avpair

Hi all,

I couldn't find any details how to use RADIUS Vendor-Specific Attributes (VSA)26 , cisco av-pair but only some samples like:

cisco-avpair= "shell:priv-lvl=15"

Is there a FULL list of these attributes with correct syntax explained for IOS 12.4 and ASA 8.x anywhere? Much appreciated your response.

3 REPLIES
Silver

Re: Radius VSA 26 cisco-avpair

For the most part you can put any IOS TACACS+ attribute inti the cisco-av-pair using the format

service:attr=value

eg

ip:ip-addr=x.x.x.x

ip:inacl=blah

There's an IOS dictionary here: http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/user/A_TACAtr.pdf

What isnt documented very well are the instances of cisco-ac-pair that various groups within Cisco have created for their own devices.

New Member

Re: Radius VSA 26 cisco-avpair

Thanks for reply. The problem is there're no any explanations how to use these attributes, such as these attributes belong to what "service", "value" and what application applied for.

Silver

Re: Radius VSA 26 cisco-avpair

For ASA with RADIUS the most likely service is just going to be "ip" isnt it?

ACS already sends ip:inacl=xxxx to PIX/ASA as part of the Downloadable ACLs feature.

AFAIK thats the only support the ASA has for cisco-av-pair.

888
Views
5
Helpful
3
Replies