Specifications
Configuring per-User Configuration
How to Configure a AAA Server for Per-User Configuration
Cisco IOS Dial Technologies Configuration Guide
}
user = joe { # joe uses the group password.
    member = "staff"
}
user = pete { # pete has his own password.
    member = "staff"
    password = des "alkd9Ujiqp2y"
}
user = anita {
    # Use the "default" user password mechanism defined above.
    service = shell {
        cmd = telnet { # Allow Telnet to any destination
        }
    }
}
For more information about the requirements and details of configuring the CiscoSecure server, see the
CiscoSecure UNIX Server User Guide.
Configuring a RADIUS Server for Per-User Configuration
On a RADIUS server, the format of an entry in the users file includes the following lines in order:
• Username and password
• User service type
• Framed protocol
• One or more AV pairs
Note: All these AV pairs are vendor specific. To use them, RADIUS servers must support the use of
vendor-specific AV pairs. Patches for some servers are available from the Cisco Consulting
Engineering (CE) customer-support organization.
The structure of an AV pair for Cisco platforms starts with cisco-avpair followed by a space, an equal
sign, and another space. The rest of the line is within double quotation marks and, for all lines but the
last, ends with a comma. Inside the double quotation marks is a phrase indicating the supported attribute,
another equal sign, and a Cisco IOS command. The following examples show two different partial user
configurations on a RADIUS server.
Router1 Password = "welcome"
    User-Service-Type = Framed-User,
    Framed-Protocol = PPP,
    cisco-avpair = "ip:route=10.0.0.0 255.0.0.0",
    cisco-avpair = "ip:route=10.1.0.0 255.0.0.0",
    cisco-avpair = "ip:route=10.2.0.0 255.0.0.0",
    cisco-avpair = "ip:inacl#5=deny 10.5.0.1"

Router2 Password = "lab"
    User-Service-Type = Framed-User,
    Framed-Protocol = PPP,
    cisco-avpair = "ip:addr-pool=bbb"
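
The following Python check is an added example, not part of the Cisco guide or of any RADIUS server: it lints one users-file entry against the AV-pair structure described above (plain double quotes, attribute=command inside them, a comma on every line but the last), which matters because these lines carry per-user routes and access lists. The names lint_entry, GOOD and BAD are hypothetical, the sample entries are constructed, and applying the comma rule to every reply line is an assumption taken from the examples on this page.

```python
import re

# Structure from the text: cisco-avpair = "<attribute>=<Cisco IOS command>",
# with a trailing comma on every line of the entry except the last.
AVPAIR = re.compile(r'^cisco-avpair = "([^"=]+)=([^"]+)"(,?)$')
TYPOGRAPHIC_QUOTES = "\u201c\u201d"  # curly quotes, often left by copy/paste

def lint_entry(entry):
    """Lint one users-file entry (text). Returns (pairs, errors)."""
    lines = [ln.strip() for ln in entry.strip().splitlines()]
    pairs, errors = [], []
    # Line 1 is the username/password line; reply attributes start at line 2.
    for n, line in enumerate(lines[1:], start=2):
        is_last = n == len(lines)
        if line.endswith(",") == is_last:
            errors.append((n, "comma required on every line but the last"))
        if not line.startswith("cisco-avpair"):
            continue  # service type / framed protocol, not an AV pair
        if any(q in line for q in TYPOGRAPHIC_QUOTES):
            errors.append((n, "typographic quotes instead of plain double quotes"))
            continue
        m = AVPAIR.match(line)
        if m is None:
            errors.append((n, 'expected: cisco-avpair = "attribute=command"'))
            continue
        pairs.append((m.group(1), m.group(2)))
    return pairs, errors

# Constructed sample entries, modelled on the Router1 entry above.
GOOD = '''
Router1 Password = "welcome"
    User-Service-Type = Framed-User,
    Framed-Protocol = PPP,
    cisco-avpair = "ip:route=10.0.0.0 255.0.0.0",
    cisco-avpair = "ip:inacl#5=deny 10.5.0.1"
'''
BAD = '''
Router1 Password = "welcome"
    User-Service-Type = Framed-User,
    cisco-avpair = \u201cip:route=10.0.0.0 255.0.0.0\u201d,
    cisco-avpair = "ip:inacl#5=deny 10.5.0.1"
    cisco-avpair = "ip:addr-pool=bbb",
'''

if __name__ == "__main__":
    for name, entry in (("GOOD", GOOD), ("BAD", BAD)):
        pairs, errors = lint_entry(entry)
        print(name, "pairs:", pairs)
        for n, msg in errors:
            print(f"  line {n}: {msg}")
```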