1-26
Cisco ASA Series CLI Configuration Guide
Appendix 1 Configuring an External Server for Authorization and Authentication
Configuring an External RADIUS Server
Figure 1-12 Active Directory Properties Dialog Box
Step 3 Create an attribute map.
The following example shows how to create the attribute map access_hours and map the AD attribute
physicalDeliveryOfficeName used by the Office field to the Cisco attribute Access-Hours.
hostname(config)# ldap attribute-map access_hours
hostname(config-ldap-attribute-map)# map-name physicalDeliveryOfficeName Access-Hours
Step 4 Associate the LDAP attribute map to the AAA server.
The following example enters the aaa server host configuration mode for the host 10.1.1.2, in the AAA
server group MS_LDAP, and associates the attribute map access_hours that you created in Step 3:
hostname(config)# aaa-server MS_LDAP host 10.1.1.2
hostname(config-aaa-server-host)# ldap-attribute-map access_hours
Step 5 Configure time ranges for each value allowed on the server.
The following example configures Partner access hours from 9am to 5pm Monday through Friday:
hostname(config)# time-range Partner
hostname(config-time-range)# periodic weekdays 09:00 to 17:00
Configuring an External RADIUS Server
This section presents an overview of the RADIUS configuration procedure and defines the Cisco
RADIUS attributes. It includes the following topics:
• Reviewing the RADIUS Configuration Procedure, page 1-27
• ASA RADIUS Authorization Attributes, page 1-27
• ASA IETF RADIUS Authorization Attributes, page 1-37
• RADIUS Accounting Disconnect Reason Codes, page 1-37
To Next Page
Loading...
