Cisco Cisco IOS Software Release 12.2(4)B

RADIUS Attribute Screening

Configuration Examples

Cisco IOS Release: Multiple releases (see the Feature History table)

Verifying RADIUS Attribute Screening

To verify an accept or reject list, use one of the following commands in privileged EXEC mode:

Configuration Examples

This section provides the following configuration examples:

•

Authorization Accept Example, page 7

•

Accounting Reject Example, page 8

•

Authorization Reject and Accounting Accept Example, page 8

•

Rejecting Required Attributes Example, page 8

Authorization Accept Example

The following example shows how to configure an accept list for attribute 6 (Service-Type) and attribute
7 (Framed-Protocol); all other attributes (including VSAs) are rejected for RADIUS authorization.

aaa new-model

aaa authentication ppp default group radius-sg

aaa authorization network default group radius-sg

aaa group server radius radius-sg

server 1.1.1.1

authorization accept min-author

radius-server host 1.1.1.1 key mykey1

radius-server attribute list min-author

attribute 6-7

Command

Purpose

Router# debug radius

Displays information associated with RADIUS.

Router# debug aaa accounting

Displays information on accountable events as
they occur.

Router# debug aaa authentication

Displays information on AAA authentication.

Router# show radius statistics

Displays the RADIUS statistics for accounting
and authentication packets.