David,
It isn't all on the same page but you can get to the second link from the first link. It is pretty easy to find once you are aware of it. Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Technical Instructor - IPexpert, Inc. Mailto: <mailto:[email protected]> [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: <http://www.ipexpert.com/chat> www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA (R&S, Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, Security & Service Provider) Certification Training with locations throughout the United States, Europe and Australia. Be sure to check out our online communities at <http://www.ipexpert.com/communities> www.ipexpert.com/communities and our public website at <http://www.ipexpert.com> www.ipexpert.com From: Mack, David A (Dave) [mailto:[email protected]] Sent: Wednesday, January 27, 2010 10:25 AM To: Tyson Scott; Kingsley Charles Cc: [email protected] Subject: RE: [OSL | CCIE_Security] dot1x ACS RADIUS Config Tyson, Thanks! I had the first link but not the second. I do wish that the second link used the term dot1x or 802.1x in the example. Instead it says "This example shows how to specify an authorized VLAN in the RADIUS server database" . It certainly is not obvious that this config is used on the CISCO ACS as "RADIUS (Cisco IOS/PIX 6.0)" It would also be nice for Cisco to put them on the same page for 802.1x. Not your fault, I know J Thanks! Dave From: Tyson Scott [mailto:[email protected]] Sent: Wednesday, January 27, 2010 10:08 AM To: Mack, David A (Dave); 'Kingsley Charles' Cc: [email protected] Subject: RE: [OSL | CCIE_Security] dot1x ACS RADIUS Config David, The IETF Attributes are in the 3560 configuration page. http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/1 2.2_46_se/configuration/guide/sw8021x.html#wp1289244 All that you need to know to configure them as Cisco AV Pairs is to type it out as you have shown below. But if you go to that section that I gave the link above and you click the url at the bottom of the section it will take you to the following. This is what you are looking for. http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/1 2.2_46_se/configuration/guide/swauthen.html#wpxref83693 Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Technical Instructor - IPexpert, Inc. Mailto: [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA (R&S, Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, Security & Service Provider) Certification Training with locations throughout the United States, Europe and Australia. Be sure to check out our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com From: [email protected] [mailto:[email protected]] On Behalf Of Mack, David A (Dave) Sent: Wednesday, January 27, 2010 9:51 AM To: Kingsley Charles Cc: [email protected] Subject: Re: [OSL | CCIE_Security] dot1x ACS RADIUS Config Kings, Thanks for the quick response! I see that link leads to an exhaustive list of all the RADIUS attributes available. However I am seeking the location in CCO documentation where I can find VSA requirements for RADIUS (Cisco IOS/PIX 6.0) to support 802.1x. I need to be able to drill down exactly that location when I take the lab. From Yusuf's book, here is the exact quote: "When RADIUS (Cisco IOS/PIX 6.0) server is selected as the NAS type in Cisco Secure ACS, the vendor-specific AV-Pair (Attribute 26) must be used to download attribute 64, 65, and 81, to be returned to the switch for 802.1x authentication: [RADIUS Attribute 26] Vendor Specific Attribute (VSA) - cisco-avpair= "tunnel-type(#64)=VLAN(13)" - cisco-avpair= "tunnel-medium-type(#65)=802 media(6)" - cisco-avpair= "tunnel-private-group-ID(#81)=vlan_name or vlan_id" " Where would I find this specification? Thanks! Dave From: Kingsley Charles [mailto:[email protected]] Sent: Wednesday, January 27, 2010 9:42 AM To: Mack, David A (Dave) Cc: [email protected] Subject: Re: [OSL | CCIE_Security] dot1x ACS RADIUS Config Hi Dave You can find the TACACS and Radius attributes at the floowing location: http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/se c_rad_ov_ietf_attr_ps6441_TSD_Products_Configuration_Guide_Chapter.html With regards Kings On Wed, Jan 27, 2010 at 7:47 PM, Mack, David A (Dave) <[email protected]> wrote: Hello All! I am studying up on dot1x and read in Yusuf's book that there are two options for the RADIUS on the ACS. On page 338, he shows the config (Attributes) for RADIUS (IETF) and on page 339, he shows the config for RADIUS (Cisco IOS/PIX 6.0). As I read it, we can use either. The challenge is that there is no question marks on the CLI for ACS and we can't browse the menus/buttons on the ACS either. We have to know cold the exact text to enter in the dialog boxes. Knowing that I want to be able to find the magical incantations in the CCO documents. I can find the RADIUS (IETF) attributes in the Catalyst 3560 Switch Software Configuration Guide in the Using IEEE 802.1X Authentication with VLAN Assignment. I can't find a document for RADIUS (Cisco IOS/PIX 6.0). Does anyone know where to find it? Thanks! Dave _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com <http://www.ipexpert.com/>
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
