Authentication Provider: RADIUS
Custom Attribute: Optional
Schema Extension: Optional. You can choose to do either of the following:
• Do not extend the RADIUS schema and use an existing, unused attribute that meets the requirements.
• Extend the RADIUS schema and create a custom attribute with a unique name, such as cisco-avpair.
Attribute ID Requirements: The vendor ID for the Cisco RADIUS implementation is 009 and the vendor ID for the attribute is 001.
The following syntax example shows how to specify multiple user roles and locales if you choose to create the cisco-avpair attribute:
shell:roles="admin,aaa" shell:locales="L1,abc"
Use a comma "," as the delimiter to separate multiple values.

Authentication Provider: TACACS+
Custom Attribute: Required
Schema Extension: Required. You must extend the schema and create a custom attribute with the name cisco-av-pair.
Attribute ID Requirements: The cisco-av-pair name is the string that provides the attribute ID for the TACACS+ provider.
The following syntax example shows how to specify multiple user roles and locales when you create the cisco-av-pair attribute:
cisco-av-pair=shell:roles="admin aaa" shell:locales*"L1 abc"
Using an asterisk (*) in the cisco-av-pair attribute syntax flags the locale as optional, preventing authentication failures for other Cisco devices that use the same authorization profile. Use a space as the delimiter to separate multiple values.
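The two syntaxes above differ only in the value delimiter and the optional flag, so a value can be checked before it is stored on the authentication server. The following is an added example, not code from Cisco or from this guide; parse_av_pair and the constant names are hypothetical, and rejecting the other provider's delimiter, duplicate keys and empty items is a strictness choice assumed for this example.

```python
import re

# One pair such as shell:roles="admin,aaa" or shell:locales*"L1 abc".
# '=' is the normal separator; '*' flags the pair as optional.
PAIR_RE = re.compile(r'shell:(roles|locales)([=*])"([^"]*)"')
# Delimiter between multiple values, per provider, as stated in the table above.
DELIMITER = {"radius": ",", "tacacs+": " "}
PREFIX = "cisco-av-pair="  # attribute name prefix shown in the TACACS+ example


def parse_av_pair(value, provider):
    """Parse a value into roles, locales and the set of keys flagged optional.

    Raises ValueError on stray text, a duplicate key, an empty item, or the
    other provider's delimiter (a strictness choice made for this example).
    """
    delim = DELIMITER[provider.lower()]
    wrong = " " if delim == "," else ","
    body = value.strip()
    if body.startswith(PREFIX):
        body = body[len(PREFIX):]
    parsed = {"roles": [], "locales": [], "optional": set()}
    pos = 0
    for m in PAIR_RE.finditer(body):
        if body[pos:m.start()].strip():
            raise ValueError(f"unparsed text {body[pos:m.start()]!r}")
        key, sep, raw = m.groups()
        if parsed[key]:
            raise ValueError(f"{key} given more than once")
        if wrong in raw:
            raise ValueError(f"{key}: {provider} separates values with {delim!r}")
        items = raw.split(delim)
        if not all(items):
            raise ValueError(f"{key}: empty item in {raw!r}")
        parsed[key] = items
        if sep == "*":
            parsed["optional"].add(key)
        pos = m.end()
    if pos == 0 or body[pos:].strip():
        raise ValueError(f"unparsed text {body[pos:]!r}")
    return parsed


if __name__ == "__main__":
    # The two syntax examples from the table above.
    print(parse_av_pair('shell:roles="admin,aaa" shell:locales="L1,abc"', "radius"))
    print(parse_av_pair('cisco-av-pair=shell:roles="admin aaa" shell:locales*"L1 abc"', "tacacs+"))
```

A value written with the wrong delimiter would otherwise be read as a single role name, so the check is worth running before an authorization profile is rolled out.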
Sample OID for LDAP User Attribute
The following is a sample OID for a custom CiscoAVPair attribute:
CN=CiscoAVPair,CN=Schema,CN=Configuration,CN=X
objectClass: top
objectClass: attributeSchema
cn: CiscoAVPair
distinguishedName: CN=CiscoAVPair,CN=Schema,CN=Configuration,CN=X
instanceType: 0x4
uSNCreated: 26318654
attributeID: 1.3.6.1.4.1.9.287247.1
attributeSyntax: 2.5.5.12
isSingleValued: TRUE
showInAdvancedViewOnly: TRUE
adminDisplayName: CiscoAVPair
adminDescription: UCS User Authorization Field
oMSyntax: 64
Cisco UCS Manager GUI Configuration Guide, Release 2.0
OL-25712-04
User Attributes in Remote Authentication Providers