Cisco Cisco IOS Software Release 12.2(1)DX
1
Cisco IOS Release 12.2(1)DX
RADIUS Attribute Screening
This feature module describes the RADIUS Attribute Screening feature in Cisco IOS
Release 12.2(1)DX. It includes the following sections:
Release 12.2(1)DX. It includes the following sections:
•
•
•
•
•
•
•
•
Feature Overview
The RADIUS Attribute Screening feature allows users to configure a list of “accept” or “reject”
RADIUS attributes on the network access server (NAS) for purposes such as authorization or
accounting.
RADIUS attributes on the network access server (NAS) for purposes such as authorization or
accounting.
If a NAS accepts and processes all RADIUS attributes received in an Access-Accept packet, unwanted
attributes may be processed, creating a problem for wholesale providers who do not control their
customers’ authentication, authorization, and accounting (AAA) servers. For example, there may be
attributes that specify services to which the customer has not subscribed, or there may be attributes that
may degrade service for other wholesale dial users. The ability to configure the NAS to restrict the use
of specific attributes has therefore become a requirement for many users.
attributes may be processed, creating a problem for wholesale providers who do not control their
customers’ authentication, authorization, and accounting (AAA) servers. For example, there may be
attributes that specify services to which the customer has not subscribed, or there may be attributes that
may degrade service for other wholesale dial users. The ability to configure the NAS to restrict the use
of specific attributes has therefore become a requirement for many users.
The RADIUS Attribute Screening feature should be implemented in one of the following ways:
•
To allow the NAS to accept and process all standard RADIUS attributes for a particular purpose,
except for those on a configured reject list
except for those on a configured reject list
•
To allow the NAS to reject (filter out) all standard RADIUS attributes for a particular purpose,
except for those on a configured accept list
except for those on a configured accept list