Specifications
Configuring per-User Configuration
Per-User Configuration Overview
DC-684
Cisco IOS Dial Technologies Configuration Guide
Table 38 provides examples for each attribute on an AAA TACACS+ server.
Table 39 provides examples for each attribute on an AAA RADIUS server.
Table 38 TACACS+ Server AV Pair Examples for Each Attribute
Attribute TACACS+ Server Examples
inacl#
IP:
inacl#3="permit ip any any precedence immediate"
inacl#4="deny igrp 10.0.1.2 255.255.0.0 any"
IPX:
inacl#1="deny 3C01.0000.0000.0001"
inacl#2="deny 4C01.0000.0000.0002"
outacl#
outacl#2="permit ip any any precedence immediate"
outacl#3="deny igrp 10.0.9.10 255.255.0.0 any"
rte-fltr-in#
IP:
rte-fltr-in#1="router igrp 60"
rte-fltr-in#3="permit 10.0.3.4 255.255.0.0"
rte-fltr-in#4="deny any"
IPX:
rte-fltr-in#1="deny 3C01.0000.0000.0001"
rte-fltr-in#2="deny 4C01.0000.0000.0002"
rte-fltr-out#
rte-fltr-out#1="router igrp 60"
rte-fltr-out#3="permit 10.0.5.6 255.255.0.0"
rte-fltr-out#4="permit any"
route#
IP:
route#1="10.0.0.0 255.0.0.0 1.2.3.4"
route#2="10.1.0.0 255.0.0.0"
IPX:
route#1="4C000000 ff000000 10.12.3.4"
route#2="5C000000 ff000000 10.12.3.5"
sap#
sap#1="4 CE1-LAB 1234.0000.0000.0001 451 4"
sap#2="5 CE3-LAB 2345.0000.0000.0001 452 5"
sap-fltr-in#
sap-fltr-in#1="deny 6C01.0000.0000.0001"
sap-fltr-in#2="permit -1"
sap-fltr-out#
sap-fltr-out#1="deny 6C01.0000.0000.0001"
sap-fltr-out#2="permit -1"
pool-def#
pool-def#1 = "aaa 10.0.0.1 1.0.0.3"
pool-def#2 = "bbb 10.1.0.1 2.0.0.10"
pool-def#3 = "ccc 10.2.0.1 3.0.0.20"
pool-timeout
pool-timeout=60
Table 39 RADIUS Server AV Pair Examples for Each Attribute
Attribute RADIUS Server Examples
lcp:interface-config
1
cisco-avpair = "lcp:interface-config=ip address 10.0.0.0
255.255.255.0",
inacl#
cisco-avpair = "ip:inacl#3=permit ip any any precedence
immediate",
cisco-avpair = "ip:inacl#4=deny igrp 10.0.1.2 255.255.0.0 any",