cancel
Showing results for 
Search instead for 
Did you mean: 

What RADIUS attribute to send is needed when adding a Cisco ASA to the NAC appliance for AAA Mangement Access?

What RADIUS attribute to send is needed when adding a Cisco ASA to the NAC appliance for AAA Mangement Access?

Pierre_Demassey
New Contributor II
I am trying to add a Cisco ASA to the NAC appliance for RADIUS Management Access. I started by enabling SNMP between the ASA and NetSight Console. But in order to add the ASA to the NAC appliance, I need to specify a RADIUS attribute to send. What do I need to put?
10 REPLIES 10

Ronald_Dvorak
Honored Contributor
I could be wrong but after reading this...

https://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfrdat1.html

...I wonder whether you could use RADIUS attribute "cisco-avpair= "shell:priv-lvl=%CUSTOM2%"" and then make more then one rule with different custom#2 values to represent the privilege levels ?!

-Ron

I was just thinking out loud but never tried it with any C device.

StephanH
Valued Contributor III
Hmm Ronald,

this granular settings you mentioned works with Cisco Prime and I can switch different user groups and view, but not with Cisco ASA. Maybe I did a mistake but my mentioned setting work for me and my customer and so I did no more investigations .

Regards Stephan

Thanks, I'll see if that can work. I'll report back.

67dab6514e0f47acbf68006887c3bd04_RackMultipart20180117-59112-1e4g2bo-Cisco_VSA_inline.png


GTM-P2G8KFN