Specifications
Supported Standard and Extended Attributes
C-2 Supported RADIUS Attributes
Supported Standard and Extended Attributes
TheRADIUSattributesshowninTable C‐1aresentbyRoamAboutswitchestoRADIUS servers
duringauthenticationand accounting.
Table C-1 801.1X Attributes
Attribute Type
Rcv in
Access
Resp?
Sent in
Access
Reqst?
Sent in
Acct
Reqst?
Description and Values
User-Name 1 No Yes Yes String. Name of the user to be authenticated.
Used only in Request packets.
User-Password 2 No Yes No Password of the user to be authenticated,
unless a CHAP-Password is used.
CHAP-
Password
3 No Yes No Password of the user to be authenticated,
unless a User-Password is used.
NAS-IP-
Address
4 No Yes Yes IP address sent by the RAS.
Service-Type 5 No Yes Yes Access type, which can be one of the following:
• 2—Framed; for network user access
• 6—Administrative; for administrative access
to the RAS, with authorization to access the
enabled (configuration) mode. The user must
enter the enable command and the correct
enable password to access the enabled
mode.
• 7—NAS-Prompt; for administrative access to
the nonenabled mode only. In this mode, the
user can still enter the enable command and
the correct enable password to access the
enabled mode.
For administrative sessions, the RAS
always
sends 6 (Administrative).
The RADIUS server can reply with one of the
values listed above.
If the service-type is not set on the RADIUS
server, administrative users receive NAS-
Prompt access, and network users receive
Framed access.
Note: MSS will quietly accept Callback Framed
but you cannot select this access type in MSS.
Filter-Id 11 Yes No Optional Name of an access control list (ACL) to filter
outbound or inbound traffic. Use the form
ACL name.in and ACL name.out. (For details,
see Chapter 15, Configuring and Managing
Security ACLs.)
Reply-
Message
18 Yes No No String. Text that can be displayed to the user.
Multiple Reply-Messages can be included. If
any are displayed, they must appear in the
order in which they appear in the packet.