Users Guide

Security Commands 965

Syntax

radius server vsa send authentication

no radius server vsa send authentication

Default Configuration

By default, VSA Attribute 26, Vendor ID 9, and Vendor type 9 are not

processed by the switch.

Command Mode

Global Configuration mode

User Guidelines

This command does not affect processing of any VSA’s other than VSA 26,

Vendor ID 9, Vendor type 9, Sub-type 1. It does not affect processing of Voice

VLAN or Admin/Login.

Predefined ACL Selection using VSA Attribute 26

This method selects an ACL that is already configured on the switch. The

extended-access-control-list-name is the name of an existing ACL pre-

configured on the switch. The ACL need not be statically pre-configured on

the port prior to RADIUS configuring the ACL on the port prior to

authorizing the port (it would be removed in any case as statically configured

ACLs on a port are removed prior to configuring a dynamic ACL).

ip:inacl={ extended-access-control-list-name }

ipv6:inacl={ extended-access-control-list-name }

• The ip token indicates an IPv4 ACL name follows the equals sign.

• The IPv6 token indicates an IPv6 ACL name follows the equals sign.

• The extended-access-control-list-name token identifies an IP/IPv6

Extended ACL Name of an existing ACL. The name is case sensitive.

• The tokens ip:inacl and ipv6:inacl are in lower case and are followed by an

equals sign with no intervening white space.

Different authentication sessions, as in the case of the data and voice VLAN

authenticating independently, may both have Dynamic ACLs. It is

recommended that the DACLs be carefully designed so that they work in