Chapter6 Setting Up and Managing User Groups
Configuration-specific User Group Settings
6-36
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Configuring Cisco IOS/PIX RADIUS Settings for a User Group The Cisco IOS/PIX RADIUS parameters appear only when both the following
are true:
•A AAA client has been configured to use RADIUS (Cisco IOS/PIX) in
Network Configuration.
•Group-level RADIUS (Cisco IOS/PIX) attributes have been enabled in
Interface Configuration: RADIUS (Cisco IOS/PIX).
Cisco IOS/PIX RADIUS represents only the Cisco VSAs. You must configure
both the IETF RADIUS and Cisco IOS/PIX RADIUS attributes.
Note To hide or display Cisco IOS/PIX RADIUS attributes, see the “Setting
Protocol Configuration Options for RADIUS (Cisco IOS/PIX)” section on
page 3-14.
To configure and enable Cisco IOS/PIX RADIUS attributes to be applied as an
authorization for each user in the current group, follow these steps:
Step 1 Before you configure Cisco IOS/PIX RADIUS attributes, be sure your IETF
RADIUS attributes are configured properly. For more information about setting
IETF RADIUS attributes, see the “Configuring IETF RADIUS Settings for a User
Group��� section on page 6-34.
Step 2 For the Cisco attributes, determine the attributes to be authorized for the group by
selecting the check box next to the attribute, and then type the commands (such
as TACACS+ commands) to be packed as a RADIUS VSA.
Step 3 To save the group settings you have just made, click Submit.
For more information, see the “Saving Changes to User Group Settings” section
on page 6-50.
Step 4 To continue specifying other group settings, perform other procedures in this
chapter, as applicable.