|
|
This chapter provides a list of the dictionaries and their attribute-value pairs that are supported by CiscoSecure Access Control Server (ACS). You can also add your own set of attributes for custom solutions.
The CiscoSecure ACS supports the major proprietary RADIUS sets of attribute-value pairs, including those contained in Cisco IOS Release 11.1, 11.2, 11.3, Ascend-RADIUS, Ascend5-RADIUS, and IETF-RADIUS (the set of RADIUS attribute-value pairs defined by the International Engineering Task Force). As such, you can use the CiscoSecure ACS to service a network access server (NAS) that is running any combination of configured Cisco, Ascend, or IETF-RADIUS-compliant attributes.
To provide this level of support, attribute sets are conveniently stored in units called dictionaries. A NAS that is using a given set of attribute-value pairs can easily exchange data with a CiscoSecure ACS that is loaded with the corresponding dictionary of attributes.
When setting up group and user profiles from the Members page of the Java-based CiscoSecure Administrator advanced configuration program, the available dictionaries are listed under the Options menu (see the section "Assigning RADIUS Attributes to a Group or User Profile," in the CiscoSecure ACS 2.3 for UNIX User Guide chapter "Advanced Group and User Management"). Depending on what attribute sets your NAS supports, you can specify one or more dictionaries as part of a User-Profile setup. By default, you always see dictionaries named RADIUS-Ascend, RADIUS-Ascend5, RADIUS-Cisco, RADIUS-Cisco11.1, RADIUS-Cisco11.2, RADIUS-Cisco11.3, and RADIUS-IETF.
By clicking the Dictionaries tab of the CiscoSecure Administrator advanced configuration program, you can specify custom attribute-value pairs you want on your CiscoSecure ACS. CiscoSecure ACS provides a special management tool that allows you to make a brand-new dictionary, or to make a copy of an existing dictionary and then modify its contents for special purposes. For details, see the sections "Dictionary of Cisco IOS RADIUS Attribute-Value Pairs," "Dictionary of IETF RADIUS Attributes" and "Dictionary of Ascend RADIUS Attributes" later in this chapter.
Depending on your NAS's implementation, the CiscoSecure ACS provides one of the following attribute dictionaries:
The following sections contain dictionary translations for parsing requests and generating responses. All transactions are composed of attribute-value pairs. The value of each attribute is specified as 1of 5data types:
Enumerated values are stored in the user file with dictionary value translations for easy administration.
Before selecting attribute-value pairs for the CiscoSecure ACS, confirm that your NAS has Cisco IOS Release 11.1 or later or compatible NAS software, for RADIUS support.
Table 7-1 contains the attribute-value pairs provided in the Cisco IOS software.
| Attribute | Value | Type of Value |
|---|---|---|
1 | string | |
2 | string | |
3 | string | |
4 | ipaddr | |
5 | integer | |
6 | integer | |
7 | integer | |
8 | ipaddr | |
9 | ipaddr | |
10 | integer | |
11 | string | |
12 | integer | |
13 | integer | |
14 | ipaddr | |
15 | integer | |
16 | integer | |
17 | string | |
18 | string | |
19 | string | |
20 | string | |
21 | date | |
22 | string | |
23 | ipaddr | |
24 | string | |
26 | string | |
40 | integer | |
41 | integer | |
42 | integer | |
43 | integer | |
44 | string | |
45 | integer | |
46 | integer | |
47 | integer | |
48 |
Table 7-2 lists the dictionary of RADIUS IETF attributes.
| Attribute | Value | Type of Value |
|---|---|---|
1 | string | |
2 | string | |
3 | string | |
4 | integer | |
5 | integer | |
6 | integer | |
7 | integer | |
8 | integer | |
9 | integer | |
10 | integer | |
11 | integer | |
12 | integer | |
13 | integer | |
14 | integer | |
15 | integer | |
16 | integer | |
18 | string | |
19 | string | |
20 | string | |
22 | string | |
23 | integer | |
24 | string | |
25 | string | |
26 | string | |
Session-Timeout | 27 | integer |
28 | integer | |
29 | integer | |
30 | integer | |
31 | string | |
32 | string | |
33 | string | |
34 | string | |
35 | string | |
36 | string | |
37 | integer | |
38 | integer | |
39 | integer | |
40 | integer | |
41 | integer | |
42 | integer | |
43 | integer | |
44 | string | |
45 | integer | |
46 | integer | |
47 | integer | |
48 | integer | |
49 | integer | |
50 | string | |
51 | integer | |
61 | integer | |
62 | integer | |
63 |
Table 7-3 lists the dictionary of supported Ascend attribute-value pairs.
| Supported Attribute | Value | Type of Value |
|---|---|---|
| Dictionary of Ascend Attributes
&&Center&& | ||
1 | string | |
2 | string | |
3 | string | |
4 | ipaddr | |
5 | integer | |
6 | integer | |
7 | integer | |
8 | ipaddr | |
9 | ipaddr | |
10 | integer | |
11 | string | |
12 | integer | |
13 | integer | |
14 | ipaddr | |
15 | integer | |
16 | integer | |
17 | string | |
18 | string | |
19 | string | |
20 | string | |
21 | date | |
22 | string | |
23 | integer | |
24 | string | |
25 | string | |
26 | string | |
30 | string | |
31 | string | |
40 | integer | |
41 | integer | |
42 | integer | |
43 | integer | |
44 | string | |
45 | integer | |
46 | integer | |
47 | integer | |
48 | integer | |
| Support IP Address Allocation from Global Pools | ||
144 | ipaddr | |
145 | ipaddr | |
146 | string | |
| DHCP Server Functions | ||
147 | integer | |
148 | integer | |
| Connection Profile/Telco Option | ||
149 | integer | |
| Event Type for an Ascend-Event Packet | ||
Ascend-Event-Type | 150 | integer |
| RADIUS Server Session Key | ||
151 | string | |
| Multicast Rate Limit per Client | ||
152 | integer | |
| Connection Profile Fields to Support Interface-Based Routing | ||
153 | ipaddr | |
154 | ipaddr | |
| Multicast Support | ||
155 | integer | |
| Frame Datalink Profiles | ||
156 | string | |
157 | integer | |
158 | integer | |
159 | integer | |
160 | integer | |
161 | integer | |
162 | integer | |
163 | integer | |
164 | integer | |
165 | integer | |
166 | integer | |
167 | integer | |
168 | string | |
169 | integer | |
170 | integer | |
171 | integer | |
172 | integer | |
173 | integer | |
| IPX Static Routes | ||
174 | string | |
175 | integer | |
176 | string | |
177 | integer | |
178 | string | |
179 | integer | |
180 | string | |
181 | string | |
182 | string | |
183 | ipaddr | |
184 | string | |
185 | string | |
186 | integer | |
187 | integer | |
188 | integer | |
189 | ipaddr | |
190 | integer | |
191 | integer | |
192 | integer | |
193 | integer | |
194 | integer | |
195 | integer | |
196 | integer | |
197 | integer | |
198 | integer | |
199 | integer | |
200 | integer | |
201 | integer | |
202 | string | |
203 | string | |
204 | integer | |
205 | string | |
206 | string | |
| Radius Password Expiration Options | ||
207 | integer | |
208 | integer | |
209 | ipaddr | |
210 | integer | |
211 | integer | |
212 | integer | |
213 | string | |
214 | string | |
215 | string | |
216 | integer | |
217 | string | |
218 | integer | |
219 | integer | |
220 | string | |
221 | integer | |
222 | integer | |
223 | integer | |
224 | integer | |
225 | integer | |
226 | integer | |
227 | string | |
| Connection Profile/PPP Options | ||
228 | integer | |
229 | integer | |
230 | integer | |
231 | integer | |
232 | string | |
233 | integer | |
234 | integer | |
235 | integer | |
236 | integer | |
237 | integer | |
238 | integer | |
239 | integer | |
240 | integer | |
241 | integer | |
| Connection Profile/Session Options | ||
242 | abinary | |
243 | abinary | |
244 | integer | |
245 | integer | |
| Connection Profile/Telco Options | ||
246 | integer | |
247 | integer | |
248 | integer | |
249 | string | |
250 | integer | |
251 | string | |
| Terminal Server Attributes | ||
252 | string | |
| PPP Local Address Attribute | ||
253 | ipaddr | |
| MPP Percent Idle Attribute | ||
254 | ||
|
|