Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1137
Views
0
Helpful
1
Replies

attribute definition syntax

xine xine
Level 1
Level 1

‎11-29-2010 10:33 AM - edited ‎03-10-2019 05:37 PM

Hi !

I planned to migrate our MDS switches to TACACS+ for AAA services.  I the documentation I find some different way to defining attributes :

http://www.cisco.com/en/US/docs/storage/san_switches/mds9000/sw/rel_2_x/fm/configuration/guide/radius.html#wp1224864

shell:roles="network-admin"


shell:roles*"network-admin"


cisco-av-pair*shell:roles="network-admin"


cisco-av-pair*shell:roles*"network-admin"


cisco-av-pair=shell:roles*"network-admin"

what is difference between those syntaxe ?

Labels:
0 Helpful
1 Reply 1

Javier Henderson
Level 4
Level 4

‎11-29-2010 12:18 PM

Whether you put shell: or cisco-av-pair: depends on the RADIUS server.

The * instead of the = makes the attribute optional rather than mandatory. This will have relevance if those attributes will be sent to all devices in which the user logs in, in that case you will want to make the attributes optional or the device might fail authorization if it doesn't know what to do with a mandatory attribute (IOS, for example, will fail authorization if it receives a role assignment as mandatory).

0 Helpful
Customers Also Viewed These Support Documents
Top