RADIUS Dictionaries

This appendix contains the Remote Authentication Dial-In User Service (RADIUS) dictionary for freeware RADIUS servers and the RADIUS dictionary for CiscoSecure Access Control Server (ACS) and Cisco User Control Point (UCP).

Dictionary for Freeware RADIUS Servers

The following text is the contents of the Cisco 6510 dictionary for freeware RADIUS servers:

# ----------------------------------------------------------------------
# Cisco 6510 Service Selection Gateway
# Version 1.1
# ----------------------------------------------------------------------
# Engineering FTP Server RADIUS Dictionary File: August 31, 1998
# ----------------------------------------------------------------------
#
# ----------------------------------------------------------------------
# 6510 Service Selection Gateway RADIUS Dictionary Profile for
#    Freeware RADIUS Server 
# ----------------------------------------------------------------------
#
# Cisco 6510 SSG v1.1 RADIUS dictionary
#
# This dictionary is designed for and only intended to be 
# used with the Cisco 6510 Service Selection Gateway
# Version 1.0.  It contains a minimal set of RADIUS
# Attribute Value Pair definitions which is not sufficient
# for use with a typical Network Access Server.
#
# This file can be used as a dictionary file replacement for 
# a shareware/freeware RADIUS AAA Server when the RADIUS
# client is the Cisco 6510 Service Selection Gateway version 1.0.
# 
# It is important to note that if you decide to use a Freeware 
# RADIUS Server with the 6510 Service Selection Gateway, it must
# support Vendor Specific Attributes in both Access-Requests and
# Accounting-Requests.
#
ATTRIBUTE     User-Name               1     string
ATTRIBUTE     User-Password           2     string
ATTRIBUTE     NAS-IP-Address          4     ipaddr
ATTRIBUTE     Service-Type            6     integer
ATTRIBUTE     Framed-IP-Address       8     ipaddr
ATTRIBUTE     Reply-Message          18     string
ATTRIBUTE     Class                  25     string
ATTRIBUTE     Vendor-Specific        26     string
ATTRIBUTE     Session-Timeout        27     integer
ATTRIBUTE     Idle-Timeout           28     integer
ATTRIBUTE     Proxy-State            33     string
ATTRIBUTE     Acct-Status-Type       40     integer
ATTRIBUTE     Acct-Input-Octets      42     integer
ATTRIBUTE     Acct-Output-Octets     43     integer
ATTRIBUTE     Acct-Session-Id        44     string
ATTRIBUTE     Acct-Authentic         45     integer
ATTRIBUTE     Acct-Session-Time      46     integer
ATTRIBUTE     Acct-Terminate-Cause   49     integer
#
VENDORATTR     9     Cisco-Avpair       1     string
VENDORATTR     9     Account-Info     250     string
VENDORATTR     9     Service-Info     251     string
VENDORATTR     9     Command-Code     252     string
VENDORATTR     9     Control-Info     253     string
#
#     Integer Translations
#
#
#     User Types
#
VALUE     Service-Type                 Framed               2
VALUE     Service-Type                 Outbound             5
#
#     Status Types
#
VALUE     Acct-Status-Type             Start                1
VALUE     Acct-Status-Type             Stop                 2
VALUE     Acct-Status-Type             Accounting-On        7
VALUE     Acct-Status-Type             Accounting-Off       8
#
#     Authentication Types
#
VALUE     Acct-Authentic                RADIUS              1
#
#     Termination Causes
#
VALUE     Acct-Terminate-Cause          User-Request        1
VALUE     Acct-Terminate-Cause          Lost-Carrier        2
VALUE     Acct-Terminate-Cause          Lost-Service        3
VALUE     Acct-Terminate-Cause          Idle-Timeout        4
VALUE     Acct-Terminate-Cause          Session-Timeout     5
VALUE     Acct-Terminate-Cause          Admin-Reboot        7
VALUE     Acct-Terminate-Cause          Host-Request       18

Dictionary for CiscoSecure ACS and Cisco UCP

The following text is the contents of the Cisco 6510 dictionary for CiscoSecure ACS and Cisco UCP:

------------------------------------------------------------------------
Cisco 6510 Service Selection Gateway
Version 1.1
------------------------------------------------------------------------
------------------------------------------------------------------------
Engineering FTP Server (FTP-ENG) RADIUS DICTIONARY FILE : Aug. 31, 1998
------------------------------------------------------------------------
------------------------------------------------------------------------
6510 Service Selection Gateway RADIUS Dictionary Profile for     
CiscoSecure UNIX 2.2(2.1) and above
------------------------------------------------------------------------
The following profile can be imported into CiscoSecure UNIX to use as a 
RADIUS dictionary with the 6510 Service Selection Gateway.
An example of how to import the profile into CiscoSecure UNIX using the 
DBClient tool from CS UNIX is below the profile.
---------------------------- BEGIN PROFILE -----------------------------
user = DICTIONARY.6510-SSG-v1.1{
profile_id = 540 
profile_cycle = 4
1=User-Name string none
2=User-Password string check
4=NAS-IP-Address ipaddr check
6=Service-Type enum check {
2=Framed
5=Outbound
} 
8=Framed-IP-Address ipaddr check
18=Reply-Message string none
25=Class string none
9,1=Cisco-Avpair string reply
9,250=Account-Info string reply
9,251=Service-Info string reply
9,252=Command-Code string none
9,253=Control-Info string reply
27=Session-Timeout integer reply
28=Idle-Timeout integer reply
33=Proxy-State string none
40=Acct-Status-Type enum none {
1=Start
2=Stop
7=Accounting-On
8=Accounting-Off
} 
42=Acct-Input-Octets integer none
43=Acct-Output-Octets integer none
44=Acct-Session-Id string none
45=Acct-Authentic enum none {
1=RADIUS
} 
46=Acct-Session-Time integer none
49=Acct-Terminate-Cause enum none {
1=User-Request
2=Lost-Carrier
3=Lost-Service
4=Idle-Timeout
5=Session-Timeout
7=Admin-Reboot
18=Host-Request
} 
200=Token-Immediate enum check {
0=Tok-Imm-No
1=Tok-Imm-Yes
} 
}
----------------------------- END PROFILE ------------------------------
The following is an example of how to properly place the dictionary into
the CiscoSecure database using the DBClient tool from CS UNIX 
($BASEDIR/DBClient/DBClient).
/*                                                                   */
/* First use DBClient to import the dictionary profile into CS UNIX. */
/*                                                                   */
# /cs/DBClient/DBClient -p 9900
Username: superuser
Password:
Request Types:
create, delete, update, replace, get, lock, unlock, query, 
insert_accounting,
get_accounting, admin_Commands, is_unlock, exit
Request type: create
Data(create): (to quit type: <ENTER>)
user = DICTIONARY.6510-SSG-v1.1{
profile_id = 540 
profile_cycle = 5 
1=User-Name string none
2=User-Password string check
4=NAS-IP-Address ipaddr check
6=Service-Type enum check {
2=Framed
5=Outbound
} 
8=Framed-IP-Address ipaddr check
18=Reply-Message string none
25=Class string none
9,1=Cisco-Avpair string reply
9,250=Account-Info string reply
9,251=Service-Info string reply
9,252=Command-Code string none
9,253=Filter-Info string reply
27=Session-Timeout integer reply
28=Idle-Timeout integer reply
33=Proxy-State string none
40=Acct-Status-Type enum none {
1=Start
2=Stop
7=Accounting-On
8=Accounting-Off
} 
42=Acct-Input-Octets integer none
43=Acct-Output-Octets integer none
44=Acct-Session-Id string none
45=Acct-Authentic enum none {
1=RADIUS
} 
46=Acct-Session-Time integer none
49=Acct-Terminate-Cause enum none {
1=User-Request
2=Lost-Carrier
3=Lost-Service
4=Idle-Timeout
5=Session-Timeout
7=Admin-Reboot
18=Host-Request
} 
200=Token-Immediate enum check {
0=Tok-Imm-No
1=Tok-Imm-Yes
} 
}
Requesting Command: create
Response:
Response Type:SUCCESS
Response Data Size: 71
Response Data:
user = DICTIONARY.6510-SSG-v1.1 {
profile_cycle = 1
profile_id = 501
}
 
 
---End of Response---
 
/*                                                                   */
/* Next use DBClient to get a copy of the DICTIONARY_LIST profile    */
/*                                                                   */
Request Types:
create, delete, update, replace, get, lock, unlock, query, 
insert_accounting,
get_accounting, admin_Commands, is_unlock, exit
Request type: get
Data(get): (to quit type: <ENTER>)
user=DICTIONARY_LIST
 
Requesting Command: get
Response:
Response Type:SUCCESS
Response Data Size: 130
Response Data:
user = DICTIONARY_LIST{
profile_id = 5
profile_cycle = 2
DICTIONARY.IETF
DICTIONARY.Cisco
DICTIONARY.Ascend
            /* When you cut & paste watch out for this blank line */
            /* Don't include it.  It WILL cause problems.         */
---End of Response---
 
/*                                                                   */
/* Next copy from the profile you got in the last step and paste it  */
/* to the Data portion of the replace DBClient command while adding  */
/* a new entry for "DICTIONARY.6510-SSG-v1.1".                       */
/*                                                                   */
Request Types:
create, delete, update, replace, get, lock, unlock, query, 
insert_accounting,
get_accounting, admin_Commands, is_unlock, exit
Request type: replace
Data(replace): (to quit type: <ENTER>)
user = DICTIONARY_LIST{
profile_id = 5
profile_cycle = 2
DICTIONARY.IETF
DICTIONARY.Cisco
DICTIONARY.Ascend
DICTIONARY.6510-SSG-v1.1
}
 
Requesting Command: replace
Response:
Response Type:SUCCESS
Response Data Size: 60
Response Data:
user = DICTIONARY_LIST {
profile_cycle = 3
profile_id = 5
}
 
 
---End of Response---
 
/*                                                                   */
/* If you want, use the get command to get both the dictionary       */
/* profile (DICTIONARY.6510-SSG-v1.1) and the dictionary list        */
/* profile (DICTIONARY_LIST) to make sure they look correct          */
/*                                                                   */
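
A consistency check to run before loading either dictionary, given as an added example that is not part of the original Cisco document: it parses the freeware format and the CiscoSecure profile format and reports attribute numbers whose names differ or that exist on one side only. The inputs are short excerpts constructed from the listings above, and the function names are hypothetical.

```python
import re
# Constructed excerpts: a few lines taken from the listings on this page.
FREEWARE = """\
ATTRIBUTE     Acct-Status-Type       40     integer
VENDORATTR     9     Cisco-Avpair       1     string
VENDORATTR     9     Command-Code     252     string
VENDORATTR     9     Control-Info     253     string
"""
PROFILE = """\
user = DICTIONARY.6510-SSG-v1.1{
9,1=Cisco-Avpair string reply
9,252=Command-Code string none
9,253=Control-Info string reply
40=Acct-Status-Type enum none {
1=Start
}
200=Token-Immediate enum check {
0=Tok-Imm-No
}
}
"""
# The DBClient session on this page names 9,253 differently from the profile.
SESSION = PROFILE.replace("9,253=Control-Info", "9,253=Filter-Info")

# "<vendor>,<number>=<name> <type> <check|reply|none>"; enum members lack the tail.
ACS_LINE = re.compile(r"^(?:(\d+),)?(\d+)=(\S+)\s+\w+\s+(?:check|reply|none)\b")

def parse_freeware(text):
    """Map (vendor, number) -> name; vendor 0 marks a standard attribute."""
    names = {}
    for fields in map(str.split, text.splitlines()):
        if len(fields) == 4 and fields[0] == "ATTRIBUTE":
            names[(0, int(fields[2]))] = fields[1]
        elif len(fields) == 5 and fields[0] == "VENDORATTR":
            names[(int(fields[1]), int(fields[3]))] = fields[2]
    return names

def parse_acs(text):
    """Same mapping, read from a CiscoSecure profile body."""
    found = (ACS_LINE.match(line.strip()) for line in text.splitlines())
    return {(int(m[1] or 0), int(m[2])): m[3] for m in found if m}

def diff(a, b):
    """List (key, name_in_a, name_in_b) where the name differs or one side lacks it."""
    return [(k, a.get(k), b.get(k)) for k in sorted(set(a) | set(b)) if a.get(k) != b.get(k)]

if __name__ == "__main__":
    print(diff(parse_freeware(FREEWARE), parse_acs(PROFILE)))
    print(diff(parse_acs(PROFILE), parse_acs(SESSION)))
```

On these excerpts the check reports that Token-Immediate (200) has no freeware counterpart, and that vendor 9 attribute 253 is Control-Info in the profile listing but Filter-Info in the DBClient session.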

Copyright 1989-1998 © Cisco Systems Inc.