Re: [OSL | CCIE_Security] dot1x ACS RADIUS Config

Wed, 27 Jan 2010 06:55:33 -0800 

Kings,

                Thanks for the quick response! I see that link leads to
an exhaustive list of all the RADIUS attributes available. However I am
seeking the location in CCO documentation where I can find VSA
requirements for RADIUS (Cisco IOS/PIX 6.0) to support 802.1x. I need to
be able to drill down exactly that location when I take the lab. From
Yusuf's book,  here is the exact quote:

 

"When RADIUS (Cisco IOS/PIX 6.0) server is selected as the NAS type in
Cisco Secure ACS, the vendor-specific AV-Pair (Attribute 26) must be
used to download attribute 64, 65, and 81, to be returned to the switch
for 802.1x authentication:

 

 

[RADIUS Attribute 26] Vendor Specific Attribute (VSA)

 

- cisco-avpair= "tunnel-type(#64)=VLAN(13)"

 

- cisco-avpair= "tunnel-medium-type(#65)=802 media(6)"

 

- cisco-avpair= "tunnel-private-group-ID(#81)=vlan_name or vlan_id"

"

 

Where would I find this specification?

 

Thanks!
Dave

From: Kingsley Charles [mailto:[email protected]] 
Sent: Wednesday, January 27, 2010 9:42 AM
To: Mack, David A (Dave)
Cc: [email protected]
Subject: Re: [OSL | CCIE_Security] dot1x ACS RADIUS Config

 

Hi Dave

 

You can find the TACACS and Radius attributes at the floowing location:

 

http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guid
e/sec_rad_ov_ietf_attr_ps6441_TSD_Products_Configuration_Guide_Chapter.h
tml

 

 

 

 

 

With regards

Kings

On Wed, Jan 27, 2010 at 7:47 PM, Mack, David A (Dave)
<[email protected]> wrote:

Hello All!
    I am studying up on dot1x and read in Yusuf's book that there are
two options for the RADIUS on the ACS. On page 338, he shows the config
(Attributes) for RADIUS (IETF) and on page 339, he shows the config for
RADIUS (Cisco IOS/PIX 6.0). As I read it, we can use either. The
challenge is that there is no question marks on the CLI for ACS and we
can't browse the menus/buttons on the ACS either. We have to know cold
the exact text to enter in the dialog boxes. Knowing that I want to be
able to find the magical incantations in the CCO documents. I can find
the RADIUS (IETF) attributes in the Catalyst 3560 Switch Software
Configuration Guide in the Using IEEE 802.1X Authentication with VLAN
Assignment. I can't find a document for RADIUS (Cisco IOS/PIX 6.0). Does
anyone know where to find it?


Thanks!
Dave

_______________________________________________
For more information regarding industry leading CCIE Lab training,
please visit www.ipexpert.com <http://www.ipexpert.com/> 

 


_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Reply via email to