11-02-2009 08:13 AM - edited 03-10-2019 04:46 PM
Hi all,
I couldn't find any details on how to use RADIUS Vendor-Specific Attributes (VSA) 26, cisco av-pair, but only some samples like:
cisco-avpair= "shell:priv-lvl=15"
Is there a FULL list of these attributes with correct syntax explained for IOS 12.4 and ASA 8.x anywhere? Your response is much appreciated.
11-03-2009 02:01 AM
For the most part you can put any IOS TACACS+ attribute into the cisco-av-pair using the format
service:attr=value
e.g.
ip:ip-addr=x.x.x.x
ip:inacl=blah
There's an IOS dictionary here: http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/user/A_TACAtr.pdf
What isn't documented very well are the instances of cisco-av-pair that various groups within Cisco have created for their own devices.
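An added example, not part of the original posts: a short Python sketch that parses the `service:attr=value` format described in the reply above and flags `shell:priv-lvl` grants in RADIUS user entries. The sample lines, the `max_priv` threshold and the function names are constructed for illustration; the `*` separator for optional pairs is IOS syntax not mentioned in the thread.

```python
import re

# service:attr<sep>value. "=" is the form shown in the thread; "*" is the IOS
# separator for an optional pair (an addition here, not from the thread).
AVPAIR = re.compile(r'^([A-Za-z0-9_-]+):([A-Za-z0-9_#-]+)([=*])(.*)$')
# Pulls the quoted value out of a users-file style line (constructed layout).
LINE = re.compile(r'cisco-av-?pair\s*\+?=\s*"([^"]*)"', re.IGNORECASE)

def parse_avpair(text):
    """Split one av-pair string into service, attribute, separator and value."""
    m = AVPAIR.match(text.strip())
    if m is None:
        raise ValueError(f"not service:attr=value: {text!r}")
    service, attr, sep, value = m.groups()
    return {"service": service.lower(), "attr": attr.lower(),
            "mandatory": sep == "=", "value": value}

def audit(lines, max_priv=1):
    """Return (line_no, finding, raw_pair) for malformed or privileged pairs."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LINE.search(line)
        if not m:
            continue
        raw = m.group(1)
        try:
            pair = parse_avpair(raw)
        except ValueError:
            findings.append((n, "malformed", raw))
            continue
        if (pair["service"], pair["attr"]) == ("shell", "priv-lvl"):
            value = pair["value"]
            # IOS privilege levels run from 0 to 15.
            if not value.isdecimal() or not 0 <= int(value) <= 15:
                findings.append((n, "bad-priv-lvl", raw))
            elif int(value) > max_priv:
                findings.append((n, "elevated-priv", raw))
    return findings

# Constructed sample entries; the first uses the spelling from the question.
SAMPLE = [
    'cisco-avpair= "shell:priv-lvl=15"',
    'cisco-avpair = "ip:inacl=blah"',
    'cisco-avpair = "shell:priv-lvl=1"',
    'cisco-avpair = "shell priv-lvl 15"',
    'cisco-avpair += "shell:priv-lvl=99"',
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```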
11-03-2009 09:30 PM
Thanks for the reply. The problem is that there are no explanations of how to use these attributes, such as which "service" and "value" these attributes belong to and what application they apply to.
11-04-2009 04:54 AM
For ASA with RADIUS the most likely service is just going to be "ip", isn't it?
ACS already sends ip:inacl=xxxx to PIX/ASA as part of the Downloadable ACLs feature.
AFAIK that's the only support the ASA has for cisco-av-pair.