Tyson,

Thanks! I had the first link but not the second. I do wish that the
second link used the term dot1x or 802.1x in the example. Instead it
says "This example shows how to specify an authorized VLAN in the
RADIUS server database". It certainly is not obvious that this config
is used on the CISCO ACS as "RADIUS (Cisco IOS/PIX 6.0)". It would also
be nice for Cisco to put them on the same page for 802.1x. Not your
fault, I know :)

 

Thanks!

Dave

 

From: Tyson Scott [mailto:[email protected]] 
Sent: Wednesday, January 27, 2010 10:08 AM
To: Mack, David A (Dave); 'Kingsley Charles'
Cc: [email protected]
Subject: RE: [OSL | CCIE_Security] dot1x ACS RADIUS Config

 

David,

 

The IETF Attributes are in the 3560 configuration page.

 

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_46_se/configuration/guide/sw8021x.html#wp1289244

 

All that you need to know to configure them as Cisco AV Pairs is to type
it out as you have shown below.  But if you go to that section that I
gave the link above and you click the url at the bottom of the section
it will take you to the following.  This is what you are looking for.

 

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_46_se/configuration/guide/swauthen.html#wpxref83693

 

Regards,

 

Tyson Scott - CCIE #13513 R&S, Security, and SP

Technical Instructor - IPexpert, Inc.

Mailto: [email protected]

Telephone: +1.810.326.1444, ext. 208

Live Assistance, Please visit: www.ipexpert.com/chat

eFax: +1.810.454.0130

 


 

From: [email protected]
[mailto:[email protected]] On Behalf Of Mack,
David A (Dave)
Sent: Wednesday, January 27, 2010 9:51 AM
To: Kingsley Charles
Cc: [email protected]
Subject: Re: [OSL | CCIE_Security] dot1x ACS RADIUS Config

 

Kings,

Thanks for the quick response! I see that link leads to an exhaustive
list of all the RADIUS attributes available. However, I am seeking the
location in CCO documentation where I can find VSA requirements for
RADIUS (Cisco IOS/PIX 6.0) to support 802.1x. I need to be able to
drill down to exactly that location when I take the lab. From Yusuf's
book, here is the exact quote:

 

"When RADIUS (Cisco IOS/PIX 6.0) server is selected as the NAS type in
Cisco Secure ACS, the vendor-specific AV-Pair (Attribute 26) must be
used to download attribute 64, 65, and 81, to be returned to the switch
for 802.1x authentication:


[RADIUS Attribute 26] Vendor Specific Attribute (VSA)

- cisco-avpair= "tunnel-type(#64)=VLAN(13)"
- cisco-avpair= "tunnel-medium-type(#65)=802 media(6)"
- cisco-avpair= "tunnel-private-group-ID(#81)=vlan_name or vlan_id"
"

 

Where would I find this specification?

 

Thanks!
Dave

From: Kingsley Charles [mailto:[email protected]] 
Sent: Wednesday, January 27, 2010 9:42 AM
To: Mack, David A (Dave)
Cc: [email protected]
Subject: Re: [OSL | CCIE_Security] dot1x ACS RADIUS Config

 

Hi Dave

 

You can find the TACACS and Radius attributes at the following location:

 

http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_rad_ov_ietf_attr_ps6441_TSD_Products_Configuration_Guide_Chapter.html

 


With regards

Kings

On Wed, Jan 27, 2010 at 7:47 PM, Mack, David A (Dave)
<[email protected]> wrote:

Hello All!
    I am studying up on dot1x and read in Yusuf's book that there are
two options for the RADIUS on the ACS. On page 338, he shows the config
(Attributes) for RADIUS (IETF) and on page 339, he shows the config for
RADIUS (Cisco IOS/PIX 6.0). As I read it, we can use either. The
challenge is that there are no question marks on the CLI for ACS and we
can't browse the menus/buttons on the ACS either. We have to know cold
the exact text to enter in the dialog boxes. Knowing that, I want to be
able to find the magical incantations in the CCO documents. I can find
the RADIUS (IETF) attributes in the Catalyst 3560 Switch Software
Configuration Guide in the "Using IEEE 802.1X Authentication with VLAN
Assignment" section. I can't find a document for RADIUS (Cisco IOS/PIX
6.0). Does anyone know where to find it?


Thanks!
Dave

_______________________________________________
For more information regarding industry leading CCIE Lab training,
please visit www.ipexpert.com <http://www.ipexpert.com/> 
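
The attribute 26 wrapping described in the book quote above, as an added example that is not part of the original thread or of Cisco's documentation: it encodes the three cisco-avpair strings as RADIUS vendor-specific attributes (RFC 2865 layout), decodes them again, and checks that attributes 64, 65 and 81 are all present. Assumptions: Cisco's vendor ID 9 and vendor sub-type 1 for cisco-avpair, hypothetical function names, and a made-up VLAN name "DATA".

```python
import re
import struct

CISCO_VENDOR_ID = 9   # Cisco's IANA enterprise number (assumption stated above)
CISCO_AVPAIR = 1      # Cisco vendor sub-type 1 carries cisco-avpair strings

def encode_avpair(text):
    """Wrap one cisco-avpair string in a RADIUS attribute 26 (VSA)."""
    data = text.encode("ascii")
    sub = struct.pack("!BB", CISCO_AVPAIR, 2 + len(data)) + data
    # Outer header: type 26, total length, 4-byte vendor ID
    return struct.pack("!BBI", 26, 6 + len(sub), CISCO_VENDOR_ID) + sub

def decode_avpairs(blob):
    """Walk a RADIUS attribute list and return every cisco-avpair string."""
    pairs, i = [], 0
    while i < len(blob):
        if i + 2 > len(blob):
            raise ValueError("truncated attribute header")
        atype, alen = blob[i], blob[i + 1]
        if alen < 2 or i + alen > len(blob):
            raise ValueError("bad attribute length")
        value = blob[i + 2:i + alen]
        if atype == 26 and len(value) >= 6:
            vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
            if (vendor == CISCO_VENDOR_ID and vtype == CISCO_AVPAIR
                    and vlen == len(value) - 4):
                pairs.append(value[6:].decode("ascii"))
        i += alen
    return pairs

# Matches the quoted form: name(#number)=value
AVPAIR_RE = re.compile(r"^[\w-]+\(#(\d+)\)=(.+)$")

def vlan_assignment(pairs):
    """Map attribute number -> value; list which of 64, 65, 81 are missing."""
    found = {}
    for pair in pairs:
        m = AVPAIR_RE.match(pair)
        if m:
            found[int(m.group(1))] = m.group(2)
    return found, sorted({64, 65, 81} - set(found))

# Constructed sample: the three strings from the quote, VLAN name "DATA" made up
SAMPLE = b"".join(encode_avpair(s) for s in (
    "tunnel-type(#64)=VLAN(13)",
    "tunnel-medium-type(#65)=802 media(6)",
    "tunnel-private-group-ID(#81)=DATA",
))

if __name__ == "__main__":
    print(vlan_assignment(decode_avpairs(SAMPLE)))
```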
