Chapter 6
Setting Up and Managing User Groups
Step 1
Step 2
Step 3
Step 4
Configuring Cisco Aironet RADIUS Settings for a User Group
78-14696-01, Version 3.1
To configure and enable Cisco IOS/PIX RADIUS attributes to be applied as an
authorization for each user in the current group, follow these steps:
Before you configure Cisco IOS/PIX RADIUS attributes, be sure your IETF
RADIUS attributes are configured properly. For more information about setting
IETF RADIUS attributes, see
Group, page
6-37.
For the Cisco attributes, determine the attributes to be authorized for the group by
selecting the check box next to the attribute, and then type the commands (such
as TACACS+ commands) to be packed as a RADIUS VSA.
To save the group settings you have just made, click Submit.
For more information, see
To continue specifying other group settings, perform other procedures in this
chapter, as applicable.
The Cisco Aironet RADIUS VSA appears only when both the following are true:
A AAA client has been configured to use RADIUS (Cisco Aironet) in
•
Network Configuration.
The group-level RADIUS (Cisco Aironet) attribute has been enabled in
•
Interface Configuration: RADIUS (Cisco Aironet).
The single Cisco Aironet RADIUS VSA, Cisco-Aironet-Session-Timeout, is a
specialized implementation of the IETF RADIUS Session-Timeout attribute (27).
When Cisco Secure ACS responds to an authentication request from a Cisco
Aironet Access Point and the Cisco-Aironet-Session-Timeout attribute is
configured, Cisco Secure ACS sends to the wireless device this value in the IETF
Session-Timeout attribute. The Cisco Aironet RADIUS VSA enables you to
provide one session timeout value for wireless end-user clients and a different
session timeout value for wired end-user clients.
Configuration-specific User Group Settings
Configuring IETF RADIUS Settings for a User
Saving Changes to User Group Settings, page
User Guide for Cisco Secure ACS for Windows Server
6-53.
6-39