Sample VSA for a Cisco NAS

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

This sample Cisco vendor-specific attribute conforms to the format for vendor-specific attributes (type 26) that is specified in RFC 2865.

The following table lists the information used to configure a Cisco VSA to specify a primary DNS server with an IP address of 10.10.10.10.

| Information | Description |
| --- | --- |
| Vendor ID | This is the unique ID for Cisco. When you select Cisco as the network access server vendor, this ID (9) is automatically supplied. |
| Cisco-assigned attribute number | This is the vendor-type number (1) for vendor-specific attributes that take the attribute-value pair form, specified in Cisco documentation as cisco-avpair. |
| Syntax | If the attribute is mandatory, the syntax is Protocol:Attribute = Value. If the attribute is optional, the attribute-value pair is separated by an asterisk (*) instead of an equal sign (=). In this example, Protocol is a value of the Cisco protocol attribute for a specific type of authorization. Attribute and Value represent an appropriate attribute/value (AV) pair defined in the Cisco TACACS+ specification. This allows the full set of features available for TACACS+ authorization to be used for RADIUS. The Cisco format, used to specify a primary DNS server, is ip:dns-servers=10.10.10.10. |

To specify the primary DNS server of 10.10.10.10, configure an RFC-compliant VSA:

  1. Open the IAS console. To open the IAS console, click Start, click Control Panel, double-click Administrative Tools, and then double-click Internet Authentication Service.

  2. In the console tree, click Remote Access Policies.

  3. Right-click the policy for which you want to configure a vendor-specific attribute (VSA), and then click Properties.

  4. Click Edit Profile, click the Advanced tab, and then click Add.

  5. In the Add Attribute dialog box, scroll the Attribute list and double-click Vendor-Specific. The Multivalued Attribute Information dialog box opens. Click Add.

  6. The Vendor-Specific Attribute Information dialog box opens. In Select from list, select Cisco as the network access server vendor, and then click Yes, it conforms.

  7. Click Configure Attribute. The Configure VSA (RFC-compliant) dialog box opens.

  8. In Vendor-assigned attribute number, type 1.

  9. In Attribute format, select String.

  10. In Attribute Value, type ip:dns-servers=10.10.10.10.
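The attribute that results from this procedure can be checked at the byte level, for example when comparing it against a packet capture of the Access-Accept. The following is an added example, not part of the original page or of IAS: it builds and parses the type 26 attribute using the RFC 2865 (section 5.26) layout and splits the cisco-avpair string according to the syntax in the table. The function names are hypothetical.

```python
import struct

VSA_TYPE = 26          # RFC 2865 Vendor-Specific attribute type
CISCO_VENDOR_ID = 9    # Vendor ID from the table above
CISCO_AVPAIR = 1       # vendor-assigned attribute number (cisco-avpair)


def encode_vsa(vendor_id: int, vendor_type: int, value: str) -> bytes:
    """Build one type 26 attribute that carries a single string sub-attribute."""
    data = value.encode("ascii")
    vendor_len = 2 + len(data)   # Vendor-Type + Vendor-Length + data
    total_len = 6 + vendor_len   # Type + Length + 4-byte Vendor-Id + sub-attribute
    if total_len > 255:
        raise ValueError("value too long for a single RADIUS attribute")
    header = struct.pack("!BBIBB", VSA_TYPE, total_len, vendor_id,
                         vendor_type, vendor_len)
    return header + data


def decode_vsa(attr: bytes) -> tuple:
    """Return (vendor_id, vendor_type, value); reject inconsistent lengths."""
    if len(attr) < 8:
        raise ValueError("truncated vendor-specific attribute")
    a_type, a_len, vendor_id, v_type, v_len = struct.unpack("!BBIBB", attr[:8])
    if a_type != VSA_TYPE:
        raise ValueError("not a type 26 attribute")
    if a_len != len(attr) or v_len != a_len - 6:
        raise ValueError("length fields do not match the data")
    return vendor_id, v_type, attr[8:].decode("ascii")


def parse_avpair(text: str) -> dict:
    """Split Protocol:Attribute=Value (mandatory) or Protocol:Attribute*Value (optional)."""
    protocol, colon, rest = text.partition(":")
    hits = [i for i in (rest.find("="), rest.find("*")) if i != -1]
    if not colon or not hits:
        raise ValueError("expected Protocol:Attribute=Value or Protocol:Attribute*Value")
    i = min(hits)  # the first separator decides mandatory versus optional
    return {"protocol": protocol.strip(), "attribute": rest[:i].strip(),
            "value": rest[i + 1:].strip(), "mandatory": rest[i] == "="}


if __name__ == "__main__":
    wire = encode_vsa(CISCO_VENDOR_ID, CISCO_AVPAIR, "ip:dns-servers=10.10.10.10")
    print(wire.hex())
    print(parse_avpair(decode_vsa(wire)[2]))
```
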

For more information, see Configure vendor-specific attributes for a remote access policy. For more information about Cisco VSAs, see your Cisco documentation.