Good point, Marta, I wish there's a consolidated documentation showing how to properly form those attributes with the required service for different scenarios - auth-proxy, shell access, VPN and so on. I.e. we do auth-proxy via RADIUS and it's not enough to know the attribute name - Name=proxyacl. The syntax is auth-proxy:proxyacl#1=permit ip any any" And so on for other situations and scenarios.
Eugene From: [email protected] [mailto:[email protected]] On Behalf Of Marta Sokolowska Sent: Saturday, July 21, 2012 4:35 PM To: GuardGrid Cc: ccie_security Subject: Re: [OSL | CCIE_Security] Radius VSA Type the following command on the router's CLI: show aaa attributes -- Marta Sokolowska. 2012/7/22 GuardGrid <[email protected]<mailto:[email protected]>> Guys, Where in the documentation do we get the complete listing of all attributes like below for RADIUS and TACACS for that matter, ipsec:tunnel-type=ESP ipsec:key-exchange=IKE ipsec:tunnel-password=ipexpert ipsec:inacl=SPLIT ipsec:save-password=1 I found some in examples for configuring EZVPN but not a seperate section of just these VSA not IETF's. Let me know.
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
