Microsoft KB Archive/319824

= How to configure vendor-specific attributes for a remote access policy in Windows 2000 =

Article ID: 319824

Article Last Modified on 10/30/2006

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server

-



This article was previously published under Q319824



IN THIS TASK
SUMMARY How to Configure Vendor-Specific Attributes
 * Example

REFERENCES



SUMMARY
This step-by-step article describes how to configure vendor specific attributes for Network Address Server (NAS) clients in an Internet Authentication Service (IAS) remote access policy.

You can use a server that is running IAS to provide Remote Authentication Dial-In User Service (RADIUS) authentication and accounting for remote access to the domain. However, many vendors include features that are specific to their NAS. To turn on the functionality of these features, customize the remote access policy on the IAS server.

back to the top

How to configure vendor-specific attributes
 Click Start, point to Programs, point to Administrative Tools, and then click Internet Authentication Service. Click Remote Access Policies. Right-click the remote access policy that you want to configure in the right pane, and then click Properties. Click Edit Profile, click the Advanced tab, and then click Add. If the vendor-specific attribute is displayed in the RADIUS attributes list:  Double-click the vendor-specific attribute that you want to configure. For example, double-click Cisco-AV-Pair. Click Add.</li> Type the value for the attribute in the Attribute value box, and then click OK.

Note See the product documentation to obtain a list of values for the attributes.For information about how to contact computer hardware manufacturers, click the appropriate article number in the following list to view the article in the Microsoft Knowledge Base:

65416 Hardware and software vendor contact information, A-K

60781 Hardware and software vendor contact information, L-P

60782 Hardware and software vendor contact information, Q-Z

</li> Click OK, and then click Close.</li></ol> </li> If the vendor-specific attribute is not displayed in the RADIUS attributes list: <ol style="list-style-type: lower-alpha;"> Double-click Vendor-Specific.</li> Click Add, and then perform one of the following tasks: <ul> Click Select from list, and then click the NAS vendor for your product. For example, to select the vendor for Microsoft Routing and Remote Access, click Microsoft.

-or-</li> Click Enter Vendor Code, and then type the vendor-specific code for your product. For a list of SMI Network Management Private Enterprise Codes, please visit the following Information Sciences Institute (ISI) Web site:

http://www.isi.edu/in-notes/iana/assignments/enterprise-numbers

</li></ul> </li></ol> </li> If the attribute follows RADIUS Request for Comment (RFC) specifications, click '''Yes. It conforms, click Configure Attribute, type the attribute information in the corresponding boxes, and then click OK'''.</li> If the attribute does not follow RADIUS RFC specifications, click No. It does not conform, click Configure Attribute, type the hexadecimal attribute value in the corresponding box, and then click OK.</li> Click OK.</li> In the Multivalued Attribute Information dialog box, list the attribute values in the order that you want them to apply.

To do so, click an attribute, and then click Move Up or Move Down to arrange its order in the list. Attributes that are displayed earlier in the list are applied before attributes that are displayed later in this list.

For example, if you are using a filtering attribute that automatically disconnects users who do not satisfy specific criteria, Microsoft recommends that you make sure that this attribute is displayed at the top of the list.</li> Click OK, and then click Close.</li> Click OK, and then click OK.</li> Quit the IAS snap-in.</li></ol>

back to the top

Example
The following example describes how to configure a Cisco attribute to specify a primary DNS server. The Cisco attribute to specify a primary DNS server is similar to the following attribute, where  is the Internet Protocol (IP) address in the dotted decimal format (for example, 10.10.10.10):

ip:dns-servers= 

To specify the primary DNS server: <ol> Click Start, point to Programs, point to Administrative Tools, and then click Internet Service Manager.</li> <li>Click Remote Access Policies.</li> <li>Right-click the remote access policy that you want to configure in the right pane, and then click Properties.</li> <li>Click Edit Profile, click the Advanced tab, and then click Add.</li> <li>In the RADIUS attributes list, double-click Vendor-Specific, and then click Add.</li> <li>Click Select from list (if it is not already selected), and then click Cisco in the Specify network access server vendor list.</li> <li>Click '''Yes. It conforms, and then click Configure Attribute'''.</li> <li>In the Vendor-assigned attribute number box, type 1.

NOTE: This value is the Cisco number for their vendor-specific attributes that take the &quot;attribute-value&quot; pair form. Cisco refers to this form as &quot;cisco-avpair.&quot;</li> <li>In the Attribute value box, type ip:dns-servers= (where  is the IP address of the primary DNS server).

For additional information about Cisco DNS server attributes, please visit the following Cisco Web site:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113t/113t_4/dnsserv.htm

</li> <li>Click OK, click OK, click OK, and then click Close.</li> <li>Click OK, click OK, and then quit the IAS snap-in.</li></ol>

back to the top

<div class="references_section">