Authentication Provider: RADIUS
Custom Attribute: Optional
Schema Extension: Optional. You can choose to do either of the following:
• Do not extend the RADIUS schema and use an existing, unused attribute that meets the requirements.
• Extend the RADIUS schema and create a custom attribute with a unique name, such as cisco-avpair.
Attribute ID Requirements: The vendor ID for the Cisco RADIUS implementation is 009 and the vendor ID for the attribute is 001.
The following syntax example shows how to specify multiple user roles and locales if you choose to create the cisco-avpair attribute:
    shell:roles="admin,aaa" shell:locales="L1,abc"
Use a comma "," as the delimiter to separate multiple values.

Authentication Provider: TACACS+
Custom Attribute: Required
Schema Extension: Required. You must extend the schema and create a custom attribute with the name cisco-av-pair.
Attribute ID Requirements: The cisco-av-pair name is the string that provides the attribute ID for the TACACS+ provider.
The following syntax example shows how to specify multiple user roles and locales when you create the cisco-av-pair attribute:
    cisco-av-pair=shell:roles="admin aaa" shell:locales*"L1 abc"
Using an asterisk (*) in the cisco-av-pair attribute syntax flags the locale as optional, preventing authentication failures for other Cisco devices that use the same authorization profile. Use a space as the delimiter to separate multiple values.
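The two providers differ only in delimiter and in the optional marker, which makes the values easy to mix up when one authorization profile is copied to the other server. The following Python check is an added example, not part of the Cisco guide: it parses a value with the delimiter the table gives for each provider and rejects one written with the other provider's delimiter. The function name, and the assumption that role and locale names contain neither commas nor spaces, belong to this example.

```python
import re

# Delimiter between multiple values, per provider, as given in the table above.
DELIMS = {"radius": ",", "tacacs+": " "}

# shell:roles="..." or shell:locales*"..."; '*' in place of '=' marks the pair optional.
# The guide documents '*' for TACACS+; accepting it for RADIUS too is an assumption here.
_PAIR = re.compile(r'shell:(roles|locales)([=*])"([^"]*)"')


def parse_av_pair(value, provider):
    """Return {'roles': [...], 'locales': [...], 'optional': {...}} or raise ValueError."""
    delim = DELIMS[provider.lower()]
    wrong = " " if delim == "," else ","
    body = value.strip()
    if body.startswith("cisco-av-pair="):
        body = body[len("cisco-av-pair="):]

    result = {"roles": [], "locales": [], "optional": set()}
    pos = 0
    for m in _PAIR.finditer(body):
        # Anything between recognised pairs other than whitespace is a syntax error.
        if body[pos:m.start()].strip():
            raise ValueError(f"unparsed text: {body[pos:m.start()]!r}")
        key, sep, raw = m.groups()
        if wrong in raw:
            # Assumption: names never contain the other provider's delimiter, so its
            # presence means the value was written for the wrong provider.
            raise ValueError(f"{key}: found {wrong!r}, {provider} expects {delim!r}")
        result[key] = [item for item in raw.split(delim) if item]
        if sep == "*":
            result["optional"].add(key)
        pos = m.end()

    if body[pos:].strip():
        raise ValueError(f"unparsed text: {body[pos:]!r}")
    if not result["roles"] and not result["locales"]:
        raise ValueError("no shell:roles or shell:locales pair found")
    return result


if __name__ == "__main__":
    # The two syntax examples from the table above.
    print(parse_av_pair('shell:roles="admin,aaa" shell:locales="L1,abc"', "radius"))
    print(parse_av_pair('cisco-av-pair=shell:roles="admin aaa" shell:locales*"L1 abc"',
                        "tacacs+"))
```
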
Sample OID for LDAP User Attribute
The following is a sample OID for a custom CiscoAVPair attribute:
CN=CiscoAVPair,CN=Schema,CN=Configuration,CN=X
objectClass: top
objectClass: attributeSchema
cn: CiscoAVPair
distinguishedName: CN=CiscoAVPair,CN=Schema,CN=Configuration,CN=X
instanceType: 0x4
uSNCreated: 26318654
attributeID: 1.3.6.1.4.1.9.287247.1
attributeSyntax: 2.5.5.12
isSingleValued: TRUE
showInAdvancedViewOnly: TRUE
adminDisplayName: CiscoAVPair
adminDescription: UCS User Authorization Field
oMSyntax: 64
Cisco UCS Manager GUI Configuration Guide, Release 2.0
OL-25712-04
User Attributes in Remote Authentication Providers