This appendix contains the RADIUS dictionary for freeware RADIUS servers and the RADIUS dictionary for CiscoSecure Access Control Server (ACS) and Cisco User Control Point (UCP).
The following text is the contents of the Cisco 6510 dictionary for freeware RADIUS servers:
# -----------------------------------------------------------------------
# Cisco 6510 Service Selection Gateway
# Version 1.0(1)
# -----------------------------------------------------------------------
# -----------------------------------------------------------------------
# Cisco Connection Online (CCO) April 7, 1998
# -----------------------------------------------------------------------
# -----------------------------------------------------------------------
# 6510 Service Selection Gateway RADIUS Dictionary Profile for
# Freeware RADIUS Server
# -----------------------------------------------------------------------
#
# Cisco 6510 SSG v1.0 RADIUS dictionary
#
# This dictionary is designed for and only intended to be
# used with the Cisco 6510 Service Selection Gateway
# Version 1.0. It contains a minimal set of RADIUS
# Attribute Value Pair definitions which is not sufficient
# for use with a typical Network Access Server.
#
# This file can be used as a dictionary file replacement for
# a shareware/freeware RADIUS AAA Server when the RADIUS
# client is the Cisco 6510 Service Selection Gateway.
#
# It is important to note that if you decide to use a Freeware
# RADIUS Server with the 6510 Service Selection Gateway, it must
# support Vendor Specific Attributes in both Access-Requests and
# Accounting-Requests.
#
ATTRIBUTE User-Name 1 string
ATTRIBUTE Password 2 string
ATTRIBUTE NAS-Identifier 4 ipaddr
ATTRIBUTE Service-Type 6 integer
ATTRIBUTE Framed-Address 8 ipaddr
ATTRIBUTE Reply-Message 18 string
ATTRIBUTE Class 25 string
ATTRIBUTE Vendor-Specific 26 string
ATTRIBUTE Session-Timeout 27 integer
ATTRIBUTE Proxy-State 33 string
ATTRIBUTE Acct-Status-Type 40 integer
ATTRIBUTE Acct-Input-Octets 42 integer
ATTRIBUTE Acct-Output-Octets 43 integer
ATTRIBUTE Acct-Session-Id 44 string
ATTRIBUTE Acct-Authentic 45 integer
ATTRIBUTE Acct-Session-Time 46 integer
ATTRIBUTE Acct-Terminate-Cause 49 integer
#
VENDORATTR 9 Cisco-AVPair 1 string
VENDORATTR 9 Account-Info 250 string
VENDORATTR 9 Service-Info 251 string
VENDORATTR 9 Command-Code 252 string
#
# Integer Translations
#
#
# User Types
#
VALUE Service-Type Framed 2
VALUE Service-Type Outbound 5
#
# Status Types
#
VALUE Acct-Status-Type Start 1
VALUE Acct-Status-Type Stop 2
VALUE Acct-Status-Type Accounting-On 7
VALUE Acct-Status-Type Accounting-Off 8
#
# Authentication Types
#
VALUE Acct-Authentic RADIUS 1
#
# Termination Causes
#
VALUE Acct-Terminate-Cause User-Request 1
VALUE Acct-Terminate-Cause Lost-Carrier 2
VALUE Acct-Terminate-Cause Lost-Service 3
VALUE Acct-Terminate-Cause Session-Timeout 5
VALUE Acct-Terminate-Cause Admin-Reboot 7
VALUE Acct-Terminate-Cause Host-Request 18
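The dictionary's header requires a server that handles Vendor Specific Attributes in both Access-Requests and Accounting-Requests. The following added example (not part of the Cisco dictionary or any Cisco tool) loads lines in the format above and decodes an attribute stream, unwrapping attribute 26 with the RFC 2865 layout and rejecting inconsistent lengths. The function names and the sample bytes are constructed for illustration, and it assumes one sub-attribute per Vendor-Specific attribute.

```python
import struct
# Subset of the freeware dictionary above, copied from the page.
DICTIONARY = """\
ATTRIBUTE User-Name 1 string
ATTRIBUTE Acct-Status-Type 40 integer
VENDORATTR 9 Account-Info 250 string
VALUE Acct-Status-Type Start 1
"""

def load_dictionary(text):
    """Return (attrs, vsas, values) maps keyed by numeric code."""
    attrs, vsas, values = {}, {}, {}
    for f in (line.split() for line in text.splitlines()):
        if f[:1] == ["ATTRIBUTE"]:
            attrs[int(f[2])] = (f[1], f[3])
        elif f[:1] == ["VENDORATTR"]:
            vsas[(int(f[1]), int(f[3]))] = (f[2], f[4])
        elif f[:1] == ["VALUE"]:
            values[(f[1], int(f[3]))] = f[2]
    return attrs, vsas, values

def encode_vsa(vendor, vtype, value):
    """Wrap value in attribute 26: vendor id, vendor type, vendor length."""
    return struct.pack("!BBIBB", 26, len(value) + 8, vendor, vtype, len(value) + 2) + value

def decode_attributes(buf, attrs, vsas, values):
    """Decode attribute TLVs, unwrapping Vendor-Specific (26); reject bad lengths."""
    out, i = [], 0
    while i < len(buf):
        if len(buf) - i < 2 or buf[i + 1] < 2 or i + buf[i + 1] > len(buf):
            raise ValueError("bad attribute length")
        atype, data = buf[i], buf[i + 2:i + buf[i + 1]]
        i += len(data) + 2
        if atype == 26:
            # Assumption: one sub-attribute per VSA, so vendor length must fill it.
            if len(data) < 6 or data[5] != len(data) - 4:
                raise ValueError("malformed Vendor-Specific attribute")
            key = (struct.unpack("!I", data[:4])[0], data[4])
            (name, kind), data = vsas.get(key, ("Unknown-VSA", "string")), data[6:]
        else:
            name, kind = attrs.get(atype, ("Unknown", "string"))
        if kind == "integer" and len(data) == 4:
            number = struct.unpack("!I", data)[0]
            out.append((name, values.get((name, number), number)))
        else:
            out.append((name, data.decode("latin-1")))
    return out
# Constructed sample: User-Name, Acct-Status-Type, Cisco (vendor 9) Account-Info.
SAMPLE = b"\x01\x05bob" + b"\x28\x06\x00\x00\x00\x01" + encode_vsa(9, 250, b"constructed")
```

Calling `decode_attributes(SAMPLE, *load_dictionary(DICTIONARY))` yields the attribute names from the dictionary, with the vendor 9 sub-attribute reported as Account-Info rather than as an opaque Vendor-Specific string.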
The following text is the contents of the Cisco 6510 dictionary for CiscoSecure ACS and Cisco UCP:
-----------------------------------------------------------------------
Cisco 6510 Service Selection Gateway
Version 1.0(1)
-----------------------------------------------------------------------
-----------------------------------------------------------------------
Cisco Connection Online (CCO) April 7, 1998
-----------------------------------------------------------------------
-----------------------------------------------------------------------
6510 Service Selection Gateway RADIUS Dictionary Profile for
CiscoSecure UNIX 2.2(2) and above
User Control Point 1.0 and above
-----------------------------------------------------------------------
The following profile can be imported into CiscoSecure UNIX to use as a
RADIUS dictionary with the 6510 Service Selection Gateway.
An example of how to import the profile into CiscoSecure UNIX using the
DBClient tool from CS UNIX is below the profile.
-------------------------------- BEGIN PROFILE ------------------------
user = DICTIONARY.6510-SSG-v1.0 {
1=User-Name string none
2=Password string check
4=NAS-IP-Address ipaddr check
6=Service-Type enum check {
2=Framed
5=Outbound
}
8=Framed-Address ipaddr check
18=Reply-Message string none
25=Class string none
27=Session-Timeout integer reply
33=Proxy-State string none
40=Acct-Status-Type enum none {
1=Start
2=Stop
7=Accounting-On
8=Accounting-Off
}
42=Acct-Input-Octets integer none
43=Acct-Output-Octets integer none
44=Acct-Session-Id string none
45=Acct-Authentic enum none {
1=RADIUS
}
46=Acct-Session-Time integer none
49=Acct-Terminate-Cause enum none {
1=User-Request
2=Lost-Carrier
3=Lost-Service
5=Session-Timeout
7=Admin-Reboot
18=Host-Request
}
200=Token-Immediate enum check {
0=Tok-Imm-No
1=Tok-Imm-Yes
}
9,1=Cisco-AVPair string reply
9,250=Account-Info string reply
9,251=Service-Info string reply
9,252=Command-Code string none
}
--------------------------------- END PROFILE -------------------------
The following is an example of how to properly place the dictionary into
the CiscoSecure database using the DBClient tool from CS UNIX
($BASEDIR/DBClient/DBClient).
/* */
/* First use DBClient to import the dictionary profile into CS UNIX. */
/* */
# /cs/DBClient/DBClient -p 9900
Username: superuser
Password:
Request Types:
create, delete, update, replace, get, lock, unlock, query,
insert_accounting, get_accounting, admin_Commands, is_unlock, exit
Request type: create
Data(create): (to quit type: <ENTER>)
user = DICTIONARY.6510-SSG-v1.0 {
1=User-Name string none
2=Password string check
4=NAS-IP-Address ipaddr check
6=Service-Type enum check {
2=Framed
5=Outbound
}
8=Framed-Address ipaddr check
18=Reply-Message string none
25=Class string none
27=Session-Timeout integer reply
33=Proxy-State string none
40=Acct-Status-Type enum none {
1=Start
2=Stop
7=Accounting-On
8=Accounting-Off
}
42=Acct-Input-Octets integer none
43=Acct-Output-Octets integer none
44=Acct-Session-Id string none
45=Acct-Authentic enum none {
1=RADIUS
}
46=Acct-Session-Time integer none
49=Acct-Terminate-Cause enum none {
1=User-Request
2=Lost-Carrier
3=Lost-Service
5=Session-Timeout
7=Admin-Reboot
18=Host-Request
}
200=Token-Immediate enum check {
0=Tok-Imm-No
1=Tok-Imm-Yes
}
9,1=Cisco-AVPair string reply
9,250=Account-Info string reply
9,251=Service-Info string reply
9,252=Command-Code string none
}
Requesting Command: create
Response:
Response Type:SUCCESS
Response Data Size: 71
Response Data:
user = DICTIONARY.6510-SSG-v1.0 {
profile_cycle = 1
profile_id = 501
}
---End of Response---
/* */
/* Next use DBClient to get a copy of the DICTIONARY_LIST profile */
/* */
Request Types:
create, delete, update, replace, get, lock, unlock, query,
insert_accounting, get_accounting, admin_Commands, is_unlock, exit
Request type: get
Data(get): (to quit type: <ENTER>)
user=DICTIONARY_LIST
Requesting Command: get
Response:
Response Type:SUCCESS
Response Data Size: 130
Response Data:
user = DICTIONARY_LIST{
profile_id = 5
profile_cycle = 2
DICTIONARY.IETF
DICTIONARY.Cisco
DICTIONARY.Ascend
}
---End of Response---
/* */
/* Next copy from the profile you got in the last step and paste it */
/* to the Data portion of the replace DBClient command while adding */
/* a new entry for "DICTIONARY.6510-SSG-v1.0". */
/* */
Request Types:
create, delete, update, replace, get, lock, unlock, query,
insert_accounting, get_accounting, admin_Commands, is_unlock, exit
Request type: replace
Data(replace): (to quit type: <ENTER>)
user = DICTIONARY_LIST{
profile_id = 5
profile_cycle = 2
DICTIONARY.IETF
DICTIONARY.Cisco
DICTIONARY.Ascend
DICTIONARY.6510-SSG-v1.0
}
Requesting Command: replace
Response:
Response Type:SUCCESS
Response Data Size: 60
Response Data:
user = DICTIONARY_LIST {
profile_cycle = 3
profile_id = 5
}
---End of Response---
/* */
/* If you want, use the get command to get both the dictionary */
/* profile (DICTIONARY.6510-SSG-v1.0) and the dictionary list */
/* profile (DICTIONARY_LIST) to make sure they look correct */
/* */