Users Guide

Authentication, Authorization, and Accounting 265

Which RADIUS Attributes Does the Switch Support?

Table 9-6 lists the RADIUS attributes that the switch supports and indicates

whether the 802.1X feature, User Manager feature, or Captive Portal feature

supports the attribute. The RADIUS administrator must configure these

attributes on the RADIUS server(s) when utilizing the switch RADIUS

service and may also need to enable processing of the specific attribute on the

switch. Only one of the NAS-IP-Address or the NAS-Identifier may be sent in

an Access-Request message. The switch relies on IP Device Tracking (IPDT)

to populate the RADIUS Framed-IP-Address attribute and to modify the IP

source address in received Dynamic ACLs. Enable DHCP Snooping and

IPDT to support transmission of the Framed-IP-Address in RADIUS Access-

Request packets and the update of Dynamic ACLs.

Table 9-6. Supported RADIUS Attributes

Type RADIUS Attribute Name 802.1X User Manager Captive Portal

1 User-Name Yes Yes No

2 User-Password Yes Yes No

3 CHAP-Password Yes No No

4 NAS-IP-Address Yes Yes No

5 NAS-Port Yes No No

6 Service-Type Yes Yes No

8 Framed-IP-Address Auth. only Yes No

11 Filter-ID Yes No No

12 Framed-MTU Yes No No

15 Login-Service No Yes No

18 Reply-Message Auth. only Yes No

24 State Yes Yes No

25 Class Yes Yes No

26 Vendor-Specific Yes Yes Yes

27 Session-Timeout Yes No Yes

28 Idle-Timeout No No Yes

29 Termination-Action Yes No No