Cisco Systems OL-24201-01 Camera Accessories User Manual


 
8-67
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 8 Managing Users and Identity Stores
Managing External Identity Stores
Configuring Directory Attributes
When a RADIUS identity server responds to a request, RADIUS attributes are returned along with the
response. You can make use of these RADIUS attributes in policy rules.
In the Directory Attributes tab, you can specify the RADIUS attributes that you use in policy rule
conditions. ACS maintains a separate list of these attributes.
Step 1 Modify the fields in the Directory Attributes tab as described in Table 8-17.
Step 2 Do either of the following:
  • Click Submit to save your changes and return to the RADIUS Identity Servers page.
  • Click the Advanced tab to configure failure message handling and to enable identity caching. See Configuring Advanced Options, page 8-68 for more information.
Related Topics
  • RADIUS Identity Stores, page 8-60
  • Creating, Duplicating, and Editing RADIUS Identity Servers, page 8-63
  • Configuring General Settings, page 8-64
Table 8-17 RADIUS Identity Servers - Directory Attributes Tab

Option / Description

Attribute List
  Use this section to create the attribute list to include in policy conditions. As you include each attribute, its name, type, default value, and policy condition name appear in the table. To:
  • Add a RADIUS attribute, fill in the fields below the table and click Add.
  • Edit a RADIUS attribute, select the appropriate row in the table and click Edit. The RADIUS attribute parameters appear in the fields below the table. Edit as required, then click Replace.

Dictionary Type
  RADIUS dictionary type. Click the drop-down list box to select a RADIUS dictionary type.

RADIUS Attribute
  Name of the RADIUS attribute. Click Select to choose the RADIUS attribute. This name is composed of two parts: the attribute name and an extension to support AV-pairs if the attribute selected is a Cisco AV-Pair.
  For example, for the attribute cisco-av-pair with the AV-pair name some-avpair, ACS displays cisco-av-pair.some-avpair.
  IETF and vendor VSA attribute names contain an optional suffix, -nnn, where nnn is the ID of the attribute.

Type
  RADIUS attribute type. Valid options are:
  • String
  • Unsigned Integer 32
  • IPv4 Address

Default
  (Optional) A default value that can be used if the attribute is not available in the response from the RADIUS identity server. This value must be of the specified RADIUS attribute type.

Policy Condition Name
  Specify the name of the custom policy condition that uses this attribute.
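
The way the attribute name, type, default and policy condition name fields of Table 8-17 combine can be modeled as below. This is an added Python example, not ACS code: the `name=value` form of an AV-pair, the condition names and the sample response are assumptions constructed for illustration.

```python
import ipaddress

def u32(value):
    n = int(value)
    if not 0 <= n <= 0xFFFFFFFF:
        raise ValueError(f"{value!r} is not an Unsigned Integer 32")
    return n

# Converters for the three attribute types listed in Table 8-17.
TYPES = {
    "String": str,
    "Unsigned Integer 32": u32,
    "IPv4 Address": lambda v: str(ipaddress.IPv4Address(v)),
}

def lookup(response, name):
    """Return the raw value for 'attr' or 'cisco-av-pair.<avpair>', else None."""
    base, _, ext = name.partition(".")
    for value in response.get(base, []):
        if not ext:
            return value
        key, sep, val = value.partition("=")  # assumed "name=value" AV-pair form
        if sep and key == ext:
            return val
    return None

def resolve(definitions, response):
    """Map each policy condition name to (typed value, 'response' or 'default')."""
    resolved = {}
    for attribute, type_name, default, condition in definitions:
        convert = TYPES[type_name]
        # Check the default up front: it must be of the configured type.
        default = None if default is None else convert(default)
        raw = lookup(response, attribute)
        resolved[condition] = ((default, "default") if raw is None
                               else (convert(raw), "response"))
    return resolved

# Constructed sample data: condition names and values are hypothetical.
DEFINITIONS = [
    ("cisco-av-pair.some-avpair", "String", None, "Ext-Role"),
    ("Framed-IP-Address", "IPv4 Address", None, "Ext-Client-IP"),
    ("Session-Timeout", "Unsigned Integer 32", "3600", "Ext-Timeout"),
]
RESPONSE = {"cisco-av-pair": ["other-avpair=x", "some-avpair=helpdesk"],
            "Framed-IP-Address": ["10.0.0.5"]}

if __name__ == "__main__":
    for condition, (value, source) in resolve(DEFINITIONS, RESPONSE).items():
        print(f"{condition}: {value!r} (from {source})")
```

Recording whether a value came from the response or from the default lets a policy review distinguish rules that matched on server-supplied data from rules that matched only because a default was substituted.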