Cisco Cisco IOS Software Release 12.2(1)DX
RADIUS Attribute Screening
radius-server attribute list
14
Cisco IOS Release 12.2(1)DX
radius-server attribute list
To define an accept or reject list name, use the radius-server attribute list command in global
configuration mode.
configuration mode.
radius-server attribute list listname
Syntax Description
Defaults
No default behavior or values.
Command Modes
Global configuration
Command History
Usage Guidelines
A user may configure an accept or reject list with a selection of attributes on the network access server
(NAS) for authentication or accounting so unwanted attributes are not accepted and processed. The
radius-server attribute list command allows users to specify a name for an accept or reject list. This
command is used in conjunction with the attribute command, which adds attributes to an accept or reject
list.
(NAS) for authentication or accounting so unwanted attributes are not accepted and processed. The
radius-server attribute list command allows users to specify a name for an accept or reject list. This
command is used in conjunction with the attribute command, which adds attributes to an accept or reject
list.
Note
The listname must be the same as the listname defined in the accounting or authorization
configuration command.
configuration command.
Examples
The following example shows how to configure the reject list “bad-author” for RADIUS authorization
and accept list “usage-only” for RADIUS accounting:
and accept list “usage-only” for RADIUS accounting:
aaa new-model
aaa authentication ppp default group radius-sg
aaa authorization network default group radius-sg
aaa group server radius radius-sg
server 1.1.1.1
authorization reject bad-author
accounting accept usage-only
!
radius-server host 1.1.1.1 key mykey1
radius-server attribute list usage-only
attribute 1,40,42-43,46
!
radius-server attribute list bad-author
attribute 22,27-28,56-59
listname
Specifies a name for an accept or reject list.
Release
Modification
12.2(1)DX
This command was introduced.