Custom VSA Example

  • Article

Applies To: Windows Server 2008

Custom VSA example

This topic provides an example of how to configure a custom vendor-specific attribute (VSA) that conforms to the format for vendor-specific attributes (type 26) that is specified in RFC 2865.

The following table lists the values that are used to configure a Cisco VSA to specify a primary DNS server with an IP address of 10.10.10.10.

Information Description

Vendor ID

This is the unique ID for Cisco. When you select Cisco as the network access server vendor, this ID (9) is automatically supplied.

Cisco-assigned attribute number

This is the vendor-type number (1) for VSAs that take the attribute-value pair form, specified in Cisco documentation as cisco-avpair.

Syntax

If the attribute is mandatory, the syntax is Protocol:Attribute Value. If the attribute is optional, the attribute-value pair is separated by an asterisk (*) instead of an equal sign (=). In this example, Protocol is a value of the Cisco protocol attribute for a type of authorization. Attribute and Value represent an appropriate attribute/value (AV) pair defined in the Cisco TACACS+ specification. This allows the full set of features available for TACACS+ authorization to be used for RADIUS. The Cisco format, used to specify a primary DNS server, is ip:dns-servers=10.10.10.10.

Configuring the custom VSA

To configure the custom VSA and specify the primary DNS server of 10.10.10.10, configure an RFC-compliant VSA.

To configure the custom VSA

  1. Open the Network Policy Server console, double-click Policies,and then double-click Network Policies. Double-click the policy to which you want to add a custom VSA. The policy properties dialog box opens.

  2. In policy properties, click Settings, and then click Vendor Specific. In the details pane, click Add. The Add Vendor Specific Attribute dialog box opens.

  3. In Vendor, select Custom, and then click Add. The Attribute Information dialog box opens.

  4. Click Add. The Vendor-Specific Attribute Information dialog box opens. In Specify network access server vendor, in Select from list, select Cisco.

  5. In Specify whether the attribute conforms to the RADIUS RFC specification for vendor specific attributes, click Yes, it conforms.

  6. Click Configure Attribute. The Configure VSA (RFC Compliant) dialog box opens.

  7. In Vendor-assigned attribute number, type 1.

  8. In Attribute format, select String.

  9. In Attribute Value, type ip:dns-servers=10.10.10.10.

See Also

Concepts

Vendor-Specific Attributes in NPS
Configure a Custom VSA