3-13
User Guide for Cisco Secure ACS for Windows Server
78-14696-01, Version 3.1
Chapter 3 Setting Up the Cisco Secure ACS HTML Interface
Protocol Configuration Options for RADIUS
Details regarding the types of RADIUS settings pages follow:
•
(IETF) RADIUS Settings—This page lists attributes available for (IETF)
RADIUS.
These standard (IETF) RADIUS attributes are available for any network
device configuration when using RADIUS. If you want to use IETF attribute
number 26 (for VSAs), select Interface Configuration and then RADIUS for
the vendors whose network devices you use. Attributes for (IETF) RADIUS
and the VSA for each RADIUS network device vendor supported by
Cisco Secure ACS appear in User Setup or Group Setup.
Note
The RADIUS (IETF) attributes are shared with RADIUS VSAs. You
must configure the first RADIUS attributes from RADIUS (IETF) for
the RADIUS vendor.
The Tags to Display Per Attribute option (located under Advanced
Configuration Options) enables you to specify how many values to display for
tagged attributes on the User Setup and Group Setup pages. Examples of
tagged attributes include [064]Tunnel-Type and [069]Tunnel-Password.
For detailed procedural information, see
Setting Protocol Configuration
Options for IETF RADIUS Attributes, page 3-15
.
•
RADIUS (Cisco IOS/PIX) Settings—This section allows you to enable the
specific attributes for RADIUS (Cisco IOS/PIX). Selecting the first attribute
listed under RADIUS (Cisco IOS/PIX), 026/009/001, displays an entry field
under User Setup and/or Group Setup in which any commands can
be entered to fully leverage in a RADIUS environment. For
detailed procedural information, see
Setting Protocol Configuration Options
for Non-IETF RADIUS Attributes, page 3-16
.
•
RADIUS (Cisco Aironet) Settings—This section allows you to enable the
specific attribute for RADIUS (Cisco Aironet). The single Cisco Aironet
RADIUS VSA, Cisco-Aironet-Session-Timeout, is a specialized
implementation of the IETF RADIUS Session-Timeout attribute (27). When
Cisco Secure ACS responds to an authentication request from a Cisco
Aironet Access Point and the Cisco-Aironet-Session-Timeout attribute is
configured, Cisco Secure ACS sends to the wireless device this value in the
IETF Session-Timeout attribute. This enables you to provide different session