05-09-2024 07:15 AM
Can someone explain to me each of these commands :
SW2(config-radius-server)#radius-server attribute 6 on-for-login-auth
SW2(config)#radius-server attribute 8 include-in-access-req
SW2(config)#radius-server attribute 25 access-request include
SW2(config)#radius-server vsa send accounting
SW2(config)#radius-server vsa send authentication
SW2(config)#radius-server dead-criteria time 30 tries 3
SW2(config)#radius-server timeout 2
05-09-2024 07:26 AM
@Jason2005 most of these commands are described in the Cisco ISE wired prescriptive guide https://community.cisco.com/t5/security-knowledge-base/ise-secure-wired-access-prescriptive-deployment-guide/ta-p/3641515
Send the Service-Type attribute in the authentication packets, which is important for ISE to distinguish between the different authentication methods:
c9300-Sw(config)#radius-server attribute 6 on-for-login-auth
Send the IP address of an endpoint to the RADIUS server in the access request:
c9300-Sw(config)#radius-server attribute 8 include-in-access-req
Include the class attribute in an access request for network access authorization:
c9300-Sw(config)#radius-server attribute 25 access-request include
Define how a switch must detect a RADIUS server reachability failure:
c9300-Sw(config)#radius-server dead-criteria time 10 tries 3
Specifies the number of seconds a switch waits for a reply to a RADIUS request before resending the request. The default is 5 seconds; the range is 1 to 1000.
Switch(config)# radius-server timeout 3
Device(config)# radius-server vsa send [accounting | authentication]
05-09-2024 07:34 AM
Does an attribute refers to a segment on a Packet ?
05-09-2024 07:38 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide