Руководство По Устранению Ошибки для Cisco Cisco ASA 5520 Adaptive Security Appliance
RADIUS VSA 3076/150 Client−Type Attribute
The Client−Type attribute was added in ASA Release 8.4.3, which allows the ASA to send the type of client
that authenticates to the ISE in Access−Request (and Accounting−Request) packets, and allows ISE to make
policy decisions based on that attribute. This attribute requires no configuration on the ASA, and is sent
automatically.
that authenticates to the ISE in Access−Request (and Accounting−Request) packets, and allows ISE to make
policy decisions based on that attribute. This attribute requires no configuration on the ASA, and is sent
automatically.
The Client−Type attribute is currently defined with these integer values:
Cisco VPN Client (Internet Key Exchange Version (IKEv1))
1.
AnyConnect Client SSL VPN
2.
Clientless SSL VPN
3.
Cut−Through−Proxy
4.
L2TP/IPsec SSL VPN
5.
AnyConnect Client IPsec VPN (IKEv2)
6.
Configure
In this section, you are provided the information you need in order to configure ISE to utilize the Client−Type
attribute described in this document.
attribute described in this document.
Step 1
Create the Custom Attribute
To add the Client−Type attribute values to ISE, create the attribute and populate its values as a custom
dictionary.
dictionary.
On ISE, navigate to Policy > Policy Elements > Dictionaries > System.
1.
Within the System dictionaries, navigate to RADIUS > RADIUS Vendors > Cisco−VPN3000.
2.
The Vendor ID on the screen should be 3076. Click on the Dictionary Attributes tab.
Click Add (See Figure 1).
Figure 1: Dictionary Attributes
a.
3.