Profile name
|
Remote access user identity.
Example:
user1@example.com
|
Cleartext-password := "password"
|
Remote access user password specified by the remote access user on the remote access client.
This is required for AnyConnect EAP authentication.
|
Tunnel-Password = pre-shared-key-string
|
Pre-shared-key string to use for the remote access user.
This is required for pre-shared key authentication.
|
cisco-avpair+="ip:interface-config=vrf forwarding vrf-name"
|
VRF (service VPN) that the remote access user is assigned to.
Prerequisite: Define the VRF locally on the headend.
|
cisco-avpair+="ip:interface-config=ip unnumbered interface-name"
|
The IP unnumbered interface for the virtual-template and virtual-access interfaces.
-
Prerequisite: On the SD-WAN RA headend, configure the interface to use for remote access, and a private IP address, preferably from the IP pool subnet range.
-
The SD-WAN RA headend re-uses the private IP address described above for virtual-template and per-remote-access-user virtual-access interfaces.
Note
|
If the VRF attribute is configured in a RADIUS profile, then the ip numbered interface attribute must also be configured after the VRF attribute.
|
|
Framed-Pool=pool-name
|
Name of the IP pool, defined on the headend, that the remote access headend uses to assign an IP address to the remote access
user.
|
cisco-avpair+="ipsec:route-set=prefix prefix/prefix-length"
|
IP prefixes to which the remote access user requires access over the remote access VPN tunnel.
You can configure this attribute multiple times to specify multiple prefixes.
|
cisco-avpair+="ip:interface-config=cts role-based sgt-map sgt sgt-value"
|
The SGT to assign to the traffic from this remote access user that is destined to a Cisco Catalyst SD-WAN tunnel.
|