Kingsley,
I have been fairly busy with a bunch of bootcamps, so response from me is somewhat shaky for the next two weeks.

The RADIUS server is going to send it back as an attribute that is configured. The router by default does not require this attribute to accept incoming connections. For the router to require this attribute to be present, you must configure it to do so with the command below. That is what is meant by the statement below.

Reply item means it is going to accept it as an attribute from the RADIUS server. Check item means that when you add the command, the router will not accept the connection unless the reply is present.

Regards,
Tyson Scott - CCIE #13513 R&S, Security, and SP
Managing Partner / Sr. Instructor - IPexpert, Inc.

From: [email protected] [mailto:[email protected]] On Behalf Of Kingsley Charles
Sent: Tuesday, June 15, 2010 11:58 PM
To: [email protected]
Subject: Re: [OSL | CCIE_Security] radius attributes 6 and 8

Waiting for your inputs :-)

On Tue, Jun 15, 2010 at 7:48 PM, Kingsley Charles <[email protected]> wrote:

Hi all

radius attributes 6

Can someone explain what this note means? I am not getting the meaning of "RADIUS tunnel profiles should include "Service-Type=Outbound" as a check item, not just as a reply item".

Snippet from http://www.cisco.com/en/US/docs/ios/12_3t/secur/command/reference/sec_r1gt.html#wp1172687

Note: The Service-Type attribute is sent by default in RADIUS Accept-Request messages. Therefore, RADIUS tunnel profiles should include "Service-Type=Outbound" as a check item, not just as a reply item. Failure to include Service-Type=Outbound as a check item can result in a security hole.

radius attributes 8

From a CCIE security perspective, can someone please let me know for which feature we would need "radius-server attribute 8 include-in-access-req".

With regards
Kings
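
The check-item versus reply-item distinction discussed in this thread, as an added example that is not part of the original e-mails: a small audit that flags tunnel profiles carrying Service-Type=Outbound only as a reply item, or not at all. It assumes a Livingston/FreeRADIUS-style users file (first line of an entry holds the check items, indented lines hold the reply items); the profile names, passwords and addresses are constructed.

```python
import re

# Constructed sample; users-file layout is an assumption (see lead-in).
SAMPLE_USERS = """\
example.com  Password = "constructed-placeholder", Service-Type = Outbound
    Tunnel-Type = L2TP,
    Tunnel-Server-Endpoint = "192.0.2.10"

branch.example  Password = "constructed-placeholder"
    Service-Type = Outbound,
    Tunnel-Type = L2TP,
    Tunnel-Server-Endpoint = "192.0.2.20"

alice  Password = "constructed-secret"
    Service-Type = Framed,
    Framed-Protocol = PPP
"""

# attribute, operator (=, ==, :=, +=), then a quoted or bare value
PAIR = re.compile(r'([\w-]+)\s*[:=+]?=\s*("[^"]*"|[^,\s]+)')

def parse_users(text):
    """Return {profile: {"check": {...}, "reply": {...}}}."""
    profiles, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():            # unindented: name + check items
            name, _, rest = line.partition(" ")
            current = profiles.setdefault(name, {"check": {}, "reply": {}})
            target = current["check"]
        elif current is not None:            # indented: reply items
            rest, target = line, current["reply"]
        else:
            continue
        for attr, value in PAIR.findall(rest):
            target[attr.lower()] = value.strip('"').lower()
    return profiles

def audit_tunnel_profiles(profiles):
    """Flag tunnel profiles where Service-Type=Outbound is not a check item."""
    findings = {}
    for name, p in profiles.items():
        if not any(a.startswith("tunnel-") for a in p["reply"]):
            continue                         # not a tunnel profile
        # prefix match also accepts the dictionary spelling Outbound-User
        if p["check"].get("service-type", "").startswith("outbound"):
            continue
        reply_only = p["reply"].get("service-type", "").startswith("outbound")
        findings[name] = "reply item only" if reply_only else "missing"
    return findings
```
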
