Table of Contents
Advertisement
Chapter 16
Configuring RADIUS Features
Configuration Tasks for RADIUS Attribute Screening
To configure and verify the RADIUS Attribute Screening feature, see the
Attribute Accept or Reject Lists" section on page
Configuration Examples for RADIUS Attribute Screening
This section provides the following configuration examples:
•
•
•
•
Authorization Accept Configuration Example
The following example shows how to configure an accept list for attribute 6 (Service-Type) and
attribute 7(Framed-Protocol). All other attributes (including VSAs) are rejected for RADIUS
authorization.
aaa new-model
aaa authentication ppp default group radius-sg
aaa authorization network default group radius-sg
aaa group server radius radius-sg
!
radius-server host 10.1.1.1 key mykey1
radius-server attribute list min-author
Accounting Reject Configuration Example
The following example shows how to configure a reject list for attribute 66 (Tunnel-Client-Endpoint)
and attribute 67 (Tunnel-Server-Endpoint). All other attributes (including VSAs) are accepted for
RADIUS accounting.
aaa new-model
aaa authentication ppp default group radius-sg
aaa authorization network default group radius-sg
aaa group server radius radius-sg
!
radius-server host 10.1.1.1 key mykey1
radius-server attribute list tnl-x-endpoint
OL-2226-23
Authorization Accept Configuration Example, page 16-41
Accounting Reject Configuration Example, page 16-41
Authorization Reject and Accounting Accept Configuration Example, page 16-42
Rejecting Required Attributes Configuration Example, page 16-42
server 10.1.1.1
authorization accept min-author
attribute 6-7
server 10.1.1.1
accounting reject tnl-x-endpoint
attribute 66-67
5-37.
Cisco 10000 Series Router Software Configuration Guide
RADIUS Attribute Screening
"Configuring RADIUS
16-41
Advertisement
Table of Contents
Troubleshooting
