Understanding and Creating Attribute SetsUsing the 8950 AAA Policy Assistant in Server
Management Tool
................................................................................................................................... .........................................................................................................................
365-360-001R6.0
Issue 1, December 2008 9-17
.................................................................................................................................... ........................................................................................................................
The 8950 AAA server supports session provisioning by returning reply attributes to the NAS upon a successful authentication. Reply attributes, stored in a attribute set, or possibly a user profile, provide additional parameters the NAS needs to complete an access request. By including appropriate reply attributes in a policy, a variety of connection configurations can be applied. For example, a user can be assigned a specific IP addresses, IP header compression can be turned on or off, or a time limit can be assigned to the connection. Tabl e 9-2 lists attributes allowed in an Access-Accept that are commonly used as reply attributes.
Time-Of-Day Define allowed access times by
day-of-week and/or hour-of-day. Time-Of-Day = Wk0800-
1700
Table 9-2 List of Attributes allowed in an Access–Accept available as Reply
Attributes
Attribute Name Description Required Max
User-Name Sets the User-Name for the
session. Use if the NAS should
send accounting for a name other
than the name used for
authentication
No 1
Service-Type The type of protocol. Typically set
to “Framed-Protocol” for IP
networks.
No 1
Framed-Protocol The framing protocol to be used,
typically PPP. No 1
Framed-IP-Address Assigns an IP Address for the
session No 1
Framed-IP-Netmask Assigns a Netmask for the session No 1
Filter-Id Sets an IP filter to use for the
session. The filter must have been
defined or be available to the
NAS.
No No limit
Figure 9-9 Sample List of Verification Attributes
Attribute Name
Description of Use of this
Attribute as a Verification
Attribute Example