6-45
User Guide for Cisco Secure ACS for Windows Server
78-14696-01, Version 3.1
Chapter 6 Setting Up and Managing User Groups
Configuration-specific User Group Settings
Configuring Microsoft RADIUS Settings for a User Group
Microsoft RADIUS provides VSAs supporting MPPE, which is an encryption
technology developed by Microsoft to encrypt PPP links. These PPP connections
can be via a dial-in line, or over a VPN tunnel. The Microsoft RADIUS attribute
configurations appear only when both the following are true:
•
A network device has been configured in Network Configuration that uses a
RADIUS protocol that supports the Microsoft RADIUS VSA.
•
Group-level Microsoft RADIUS attributes have been enabled on the RADIUS
(Microsoft) page of the Interface Configuration section.
The following Cisco Secure ACS RADIUS protocols support the Microsoft
RADIUS VSA:
•
Cisco IOS/PIX
•
Cisco VPN 3000
•
Ascend
Microsoft RADIUS represents only the Microsoft VSA. You must configure both
the IETF RADIUS and Microsoft RADIUS attributes.
Note
To hide or display Microsoft RADIUS attributes, see
Setting Protocol
Configuration Options for Non-IETF RADIUS Attributes, page 3-16
. A VSA
applied as an authorization to a particular group persists, even when you remove
or replace the associated AAA client; however, if you have no AAA clients of this
(vendor) type configured, the VSA settings do not appear in the group
configuration interface.
To configure and enable Microsoft RADIUS attributes to be applied as an
authorization for each user in the current group, follow these steps:
Step 1
Confirm that your IETF RADIUS attributes are configured properly.
For more information about setting IETF RADIUS attributes, see
Configuring
IETF RADIUS Settings for a User Group, page 6-37
.
Step 2
In the navigation bar, click Group Setup.
Result: The Group Setup Select page opens.