Cisco Systems 3.3 User Manual
Chapter 6 User Group Management
Configuration-specific User Group Settings
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Configuring Cisco IOS/PIX RADIUS Settings for a User Group
The Cisco IOS/PIX RADIUS parameters appear only when both the following are
true:
• A AAA client has been configured to use RADIUS (Cisco IOS/PIX) in
Network Configuration.
• Group-level RADIUS (Cisco IOS/PIX) attributes have been enabled in
Interface Configuration: RADIUS (Cisco IOS/PIX).
Cisco IOS/PIX RADIUS represents only the Cisco VSAs. You must configure
both the IETF RADIUS and Cisco IOS/PIX RADIUS attributes.
Note
To hide or display Cisco IOS/PIX RADIUS attributes, see
. A VSA
applied as an authorization to a particular group persists, even when you remove
or replace the associated AAA client; however, if you have no AAA clients of this
(vendor) type configured, the VSA settings do not appear in the group
configuration interface.
To configure and enable Cisco IOS/PIX RADIUS attributes to be applied as an
authorization for each user in the current group, follow these steps:
Step 1
Before you configure Cisco IOS/PIX RADIUS attributes, be sure your IETF
RADIUS attributes are configured properly. For more information about setting
IETF RADIUS attributes, see
Step 2
If you want to use the [009\001] cisco-av-pair attribute to specify authorizations,
select the check box next to the attribute and then type the attribute-value pairs in
the text box. Separate each attribute-value pair by pressing Enter.
For example, if the current group is used for assigning authorizations to Network
Admission Control (NAC) clients to which Cisco Secure ACS assigns a system
posture token of Infected, you could specify values for the url-redirect,
posture-token, and status-query-timeout attributes as follows:
url-redirect=http://10.1.1.1
posture-token=Infected
status-query-timeout=150
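
The following added example (not part of the Cisco guide, and not Cisco Secure ACS code) shows how attribute-value pairs typed into the text box map onto the RADIUS wire format: [009\001] is vendor ID 9, vendor type 1, carried inside IETF attribute 26 (Vendor-Specific, RFC 2865). The function names are hypothetical, and the example assumes each line is carried as its own VSA.

```python
import struct

VENDOR_SPECIFIC = 26        # IETF RADIUS attribute type that carries VSAs (RFC 2865)
CISCO_VENDOR_ID = 9         # the "009" in [009\001]
CISCO_AV_PAIR = 1           # the "001" in [009\001]
MAX_DATA = 255 - 8          # one-octet length field minus the 8 header octets

# Constructed sample: the text-box content from the example above.
SAMPLE = "url-redirect=http://10.1.1.1\nposture-token=Infected\nstatus-query-timeout=150\n"

def parse_text_box(text):
    """Return the attribute-value pairs, one per non-empty line, rejecting malformed lines."""
    pairs = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        name, sep, value = line.partition("=")   # values may themselves contain "="
        if not (sep and name and value):
            raise ValueError(f"line {n}: expected attribute=value, got {line!r}")
        pairs.append(f"{name}={value}")
    return pairs

def encode_av_pair(pair):
    """Wrap one attribute=value string in a Vendor-Specific attribute."""
    data = pair.encode("ascii")
    if len(data) > MAX_DATA:
        raise ValueError(f"{len(data)} octets will not fit in one VSA (max {MAX_DATA})")
    sub = struct.pack("!BB", CISCO_AV_PAIR, len(data) + 2) + data
    return struct.pack("!BBI", VENDOR_SPECIFIC, len(sub) + 6, CISCO_VENDOR_ID) + sub

def decode_av_pairs(blob):
    """Walk a run of RADIUS attributes and return the cisco-av-pair strings found."""
    found, i = [], 0
    while i < len(blob):
        if len(blob) - i < 2 or blob[i + 1] < 2 or i + blob[i + 1] > len(blob):
            raise ValueError(f"malformed attribute at offset {i}")
        atype, body = blob[i], blob[i + 2:i + blob[i + 1]]
        i += blob[i + 1]
        if atype != VENDOR_SPECIFIC or len(body) < 6:
            continue
        vendor, vtype, vlen = struct.unpack("!IBB", body[:6])
        if (vendor, vtype) == (CISCO_VENDOR_ID, CISCO_AV_PAIR) and vlen == len(body) - 4:
            found.append(body[6:].decode("ascii"))
    return found

if __name__ == "__main__":
    wire = b"".join(encode_av_pair(p) for p in parse_text_box(SAMPLE))
    print(wire.hex(), decode_av_pairs(wire))
```

Decoding a captured Access-Accept this way lets you confirm that the authorizations a group actually sends match what was entered in the group configuration.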