How to configure vendor-specific attributes for a remote access policy in Windows 2000

Article ID: 319824
This article was previously published under Q319824
This article has been archived. It is offered "as is" and will no longer be updated.

Summary

This step-by-step article describes how to configure vendor-specific attributes for Network Access Server (NAS) clients in an Internet Authentication Service (IAS) remote access policy.

You can use a server that is running IAS to provide Remote Authentication Dial-In User Service (RADIUS) authentication and accounting for remote access to the domain. However, many vendors include features that are specific to their NAS. To turn on the functionality of these features, customize the remote access policy on the IAS server.

How to configure vendor-specific attributes

  1. Click Start, point to Programs, point to Administrative Tools, and then click Internet Authentication Service.
  2. Click Remote Access Policies.
  3. Right-click the remote access policy that you want to configure in the right pane, and then click Properties.
  4. Click Edit Profile, click the Advanced tab, and then click Add.
  5. If the vendor-specific attribute is displayed in the RADIUS attributes list:
    1. Double-click the vendor-specific attribute that you want to configure. For example, double-click Cisco-AV-Pair.
    2. Click Add.
    3. Type the value for the attribute in the Attribute value box, and then click OK.

      Note See the product documentation to obtain a list of values for the attributes. For information about how to contact computer hardware manufacturers, click the appropriate article number in the following list to view the article in the Microsoft Knowledge Base:
      65416 Hardware and software vendor contact information, A-K
      60781 Hardware and software vendor contact information, L-P
      60782 Hardware and software vendor contact information, Q-Z
    4. Click OK, and then click Close.
  6. If the vendor-specific attribute is not displayed in the RADIUS attributes list:
    1. Double-click Vendor-Specific.
    2. Click Add, and then perform one of the following tasks:
      • Click Select from list, and then click the NAS vendor for your product. For example, to select the vendor for Microsoft Routing and Remote Access, click Microsoft.

        -or-
      • Click Enter Vendor Code, and then type the vendor-specific code for your product. For a list of SMI Network Management Private Enterprise Codes, please visit the following Information Sciences Institute (ISI) Web site:
        http://www.isi.edu/in-notes/iana/assignments/enterprise-numbers
  7. If the attribute follows RADIUS Request for Comment (RFC) specifications, click "Yes. It conforms", click Configure Attribute, type the attribute information in the corresponding boxes, and then click OK.
  8. If the attribute does not follow RADIUS RFC specifications, click "No. It does not conform", click Configure Attribute, type the hexadecimal attribute value in the corresponding box, and then click OK.
  9. Click OK.
  10. In the Multivalued Attribute Information dialog box, list the attribute values in the order that you want them to apply.

    To do so, click an attribute, and then click Move Up or Move Down to arrange its order in the list. Attributes that are displayed earlier in the list are applied before attributes that are displayed later in this list.

    For example, if you are using a filtering attribute that automatically disconnects users who do not satisfy specific criteria, Microsoft recommends that you make sure that this attribute is displayed at the top of the list.
  11. Click OK, and then click Close.
  12. Click OK, and then click OK.
  13. Quit the IAS snap-in.

Example

The following example describes how to configure a Cisco attribute to specify a primary DNS server. The Cisco attribute to specify a primary DNS server is similar to the following attribute, where IP address is the Internet Protocol (IP) address in the dotted decimal format (for example, 10.10.10.10):
ip:dns-servers=IP address
To specify the primary DNS server:
  1. Click Start, point to Programs, point to Administrative Tools, and then click Internet Service Manager.
  2. Click Remote Access Policies.
  3. Right-click the remote access policy that you want to configure in the right pane, and then click Properties.
  4. Click Edit Profile, click the Advanced tab, and then click Add.
  5. In the RADIUS attributes list, double-click Vendor-Specific, and then click Add.
  6. Click Select from list (if it is not already selected), and then click Cisco in the Specify network access server vendor list.
  7. Click "Yes. It conforms", and then click Configure Attribute.
  8. In the Vendor-assigned attribute number box, type 1.

    NOTE: This value is the Cisco number for their vendor-specific attributes that take the "attribute-value" pair form. Cisco refers to this form as "cisco-avpair."
  9. In the Attribute value box, type ip:dns-servers=10.10.10.10 (where 10.10.10.10 is the IP address of the primary DNS server).

    For additional information about Cisco DNS server attributes, please visit the following Cisco Web site:
    http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113t/113t_4/dnsserv.htm
  10. Click OK, click OK, click OK, and then click Close.
  11. Click OK, click OK, and then quit the IAS snap-in.
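
The attribute configured in this example, shown as the bytes a NAS receives (an added illustration, not part of the original article). The Python sketch below builds and parses a Vendor-Specific attribute (RADIUS type 26) in the layout that the RADIUS RFC recommends: Vendor-Id, vendor type, vendor length, value. The function names are hypothetical, and the Cisco enterprise number 9 is taken from the IANA enterprise-numbers list.

```python
import struct

VENDOR_SPECIFIC = 26   # RADIUS attribute type for Vendor-Specific
CISCO = 9              # IANA enterprise number for Cisco
CISCO_AVPAIR = 1       # vendor-assigned attribute number typed in step 8


def build_vsa(vendor_id, vendor_type, value):
    """Encode one RFC-conformant Vendor-Specific attribute."""
    data = value.encode("ascii")
    sub_len = 2 + len(data)      # vendor type + vendor length + value
    total = 2 + 4 + sub_len      # type + length + Vendor-Id + sub-attribute
    if total > 255:
        raise ValueError("value too long for a single RADIUS attribute")
    header = struct.pack("!BBI", VENDOR_SPECIFIC, total, vendor_id)
    return header + struct.pack("!BB", vendor_type, sub_len) + data


def parse_vsa(attr):
    """Decode a Vendor-Specific attribute into (vendor_id, [(type, value)]).

    Raises ValueError when the bytes after the Vendor-Id do not follow the
    type/length/value layout, which is the case the "No. It does not
    conform" option exists for.
    """
    if len(attr) < 7:
        raise ValueError("attribute shorter than the Vendor-Specific minimum")
    a_type, a_len, vendor_id = struct.unpack("!BBI", attr[:6])
    if a_type != VENDOR_SPECIFIC or a_len != len(attr):
        raise ValueError("not a well-formed Vendor-Specific attribute")
    subs, body = [], attr[6:]
    while body:
        if len(body) < 2:
            raise ValueError("truncated sub-attribute header")
        v_type, v_len = body[0], body[1]
        if v_len < 2 or v_len > len(body):
            raise ValueError("sub-attribute does not follow the RFC layout")
        subs.append((v_type, body[2:v_len]))
        body = body[v_len:]
    return vendor_id, subs


# Constructed sample: the value typed in step 9 of the example.
sample = build_vsa(CISCO, CISCO_AVPAIR, "ip:dns-servers=10.10.10.10")
print(sample.hex(" "))
print(parse_vsa(sample))
```

The hex output can be compared with the Vendor-Specific attribute in a packet capture of the Access-Accept to confirm that the policy sends the intended value.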

References

For a list of Cisco proprietary RADIUS attributes, please visit the following Cisco Web site:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113t/113t_3/vpradat.htm
For additional information about RFCs, please visit the following Internet Engineering Task Force (IETF) Web site:
http://www.ietf.org/rfc.html
For additional information about RADIUS, please visit the following RFC Web sites:
http://www.faqs.org/rfcs/rfc2138.html
http://www.freeradius.org/rfc/rfc2866.txt
For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
317588 How to configure a primary Internet Authentication Service server on a domain controller
317589 How to configure a secondary Internet Authentication Service server on a domain controller
313082 How to enforce a Remote Access security policy in Windows 2000
Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

The third-party products that are discussed in this article are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.

Properties

Article ID: 319824 - Last Review: October 26, 2013 - Revision: 4.0
Applies to
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server