Cisco C3201FESMIC-TP= Software Guide - Page 93
Configuring the Bridge to Use Vendor-Specific RADIUS Attributes, radius-server deadtime
Administering the WMIC
Configuring and Enabling RADIUS

Step 5
  Command: radius-server deadtime minutes
  Purpose: Use this command to cause the Cisco IOS software to mark as "dead" any RADIUS servers that fail to respond to authentication requests, thus avoiding the wait for the request to time out before trying the next configured server. A RADIUS server marked as dead is skipped by additional requests for the duration of minutes that you specify.
  Note: If you set up more than one RADIUS server, you must configure the RADIUS server deadtime for optimal performance.

Step 6
  Command: radius-server attribute 32 include-in-access-req format %h
  Purpose: Configures the bridge to send its system name in the NAS_ID attribute for authentication.

Step 7
  Command: end
  Purpose: Returns to privileged EXEC mode.

Step 8
  Command: show running-config
  Purpose: Verifies your settings.

Step 9
  Command: copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.

To return to the default setting for the retransmit, timeout, and deadtime, use the no forms of these commands.

Configuring the Bridge to Use Vendor-Specific RADIUS Attributes

The Internet Engineering Task Force (IETF) draft standard specifies a method for communicating vendor-specific information between the bridge and the RADIUS server by using the vendor-specific attribute (attribute 26). Vendor-specific attributes (VSAs) allow vendors to support their own extended attributes that are not suitable for general use. The Cisco RADIUS implementation supports one vendor-specific option by using the format recommended in the specification. Cisco's vendor ID is 9, and the supported option has vendor type 1, which is named cisco-avpair. The value is a string with this format:

  protocol : attribute sep value *

Protocol is a value of the Cisco protocol attribute for a particular type of authorization. Attribute and value are an appropriate AV pair defined in the Cisco TACACS+ specification, and sep is = for mandatory attributes and the asterisk (*) for optional attributes. This allows the full set of features available for TACACS+ authorization to also be used for RADIUS.

For example, the following AV pair activates Cisco's multiple named ip address pools feature during IP authorization (during Point-to-Point Protocol IP Control Protocol (PPP IPCP) address assignment):

  cisco-avpair= "ip:addr-pool=first"

The following example shows how to provide a user logging in from a bridge with immediate access to privileged EXEC commands:

  cisco-avpair= "shell:priv-lvl=15"

Other vendors have their own unique vendor IDs, options, and associated VSAs. For more information about vendor IDs and VSAs, see RFC 2138, "Remote Authentication Dial-In User Service (RADIUS)."

Cisco 3200 Series Wireless MIC Software Configuration Guide 29
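The cisco-avpair format described above, as an added example that is not part of the Cisco guide: it decodes attribute 26 with vendor ID 9 and vendor type 1, splits the AV pair on its separator, and reports any pair that grants immediate privileged EXEC access. The function names and the sample reply are constructed for illustration, and the octet layout (type, length, 4-octet vendor ID, vendor type, vendor length, string) is assumed to be the format the RADIUS RFC recommends for VSAs.

```python
import struct
from typing import NamedTuple

VENDOR_SPECIFIC, CISCO_VENDOR_ID, CISCO_AVPAIR = 26, 9, 1  # values from the text

class AVPair(NamedTuple):
    protocol: str
    attribute: str
    mandatory: bool  # True for '=', False for '*'
    value: str

def parse_avpair(text: str) -> AVPair:
    """Split 'protocol:attribute<sep>value' (helper name is hypothetical)."""
    protocol, colon, rest = text.partition(":")
    hits = [i for i in (rest.find("="), rest.find("*")) if i != -1]
    if not colon or not protocol or not hits or min(hits) == 0:
        raise ValueError(f"not a cisco-avpair: {text!r}")
    i = min(hits)  # first separator wins; the value may contain '=' or '*'
    return AVPair(protocol, rest[:i], rest[i] == "=", rest[i + 1:])

def encode_vsa(text: str) -> bytes:
    """Wrap an AV pair string in attribute 26 (used here to build sample input)."""
    data = text.encode("ascii")
    if len(data) > 247:  # 255-octet attribute limit minus 8 header octets
        raise ValueError("AV pair too long for one attribute")
    inner = struct.pack("!BB", CISCO_AVPAIR, 2 + len(data)) + data
    return struct.pack("!BBI", VENDOR_SPECIFIC, 6 + len(inner), CISCO_VENDOR_ID) + inner

def decode_vsa(attr: bytes) -> AVPair:
    """Validate type, vendor ID, vendor type and both length octets, then parse."""
    if len(attr) < 9:
        raise ValueError("truncated attribute")
    a_type, a_len, vendor = struct.unpack("!BBI", attr[:6])
    v_type, v_len = attr[6], attr[7]
    if (a_type, vendor, v_type) != (VENDOR_SPECIFIC, CISCO_VENDOR_ID, CISCO_AVPAIR):
        raise ValueError("not a cisco-avpair VSA")
    if a_len != len(attr) or v_len != a_len - 6:
        raise ValueError("length octets do not match the data")
    return parse_avpair(attr[8:].decode("ascii"))

def privileged_exec_grants(attrs: list[bytes]) -> list[AVPair]:
    """Return the AV pairs that give immediate privileged EXEC (shell:priv-lvl=15)."""
    pairs = [decode_vsa(a) for a in attrs]
    return [p for p in pairs if p[:2] == ("shell", "priv-lvl") and p.value == "15"]

# Constructed sample: the two AV pairs quoted in the text, as reply attributes.
SAMPLE_REPLY = [encode_vsa("ip:addr-pool=first"), encode_vsa("shell:priv-lvl=15")]

if __name__ == "__main__":
    for pair in privileged_exec_grants(SAMPLE_REPLY):
        print("privileged EXEC granted by:", pair)
```

Running the same check over the reply attributes configured for each account on the RADIUS server shows which users land directly in privileged EXEC mode on the bridge.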