Using RADIUS authentication with third-party dictionary files

Article ID: 248834


Products

Management Center

Issue/Introduction

Management Center supports configuring RADIUS to use third-party dictionary files for group- and role-based authorization.

Management Center contains well-known vendor dictionary files for mapping attributes.

Resolution

The example below uses the Cisco dictionary file to demonstrate the configuration. The attribute Cisco-AVPair is used to specify the Group or Role name network-admin.

The relevant section of the dictionary file for this example is:

VENDOR  Cisco    9

#
# Standard attribute
#
BEGIN-VENDOR Cisco

ATTRIBUTE Cisco-AVPair    1 string

 

  1. Configure the RADIUS server to send the attribute Cisco-AVPair with the Group or Role name, network-admin, as its string value.

    A packet capture viewed in Wireshark would show the attribute below within the user's Access-Accept packet:

    Attribute Value Pairs
        AVP: t=Vendor-Specific(26) l=33 vnd=ciscoSystems(9)
            Type: 26
            Length: 33
            Vendor ID: ciscoSystems (9)
            VSA: t=Cisco-AVPair(1) l=27 val=network-admin
                Type: 1
                Length: 27
                Cisco-AVPair: network-admin

  2. In Management Center, navigate to Administration (gear icon on the left-side menu) > Settings > RADIUS.

  3. Enable the role or group membership sync option and specify the attribute name.


    Note: Management Center searches its dictionary files for the attribute name, so there is no need to specify the vendor ID or attribute number. Enter the name only.

  4. Navigate to Administration > Groups or Administration > Roles and create the network-admin Role or Group.

    [Figure: Sample Group Configuration]

    [Figure: Sample Role Configuration]

  5. Save and Activate the settings.

 

RADIUS users should now be able to log in to Management Center and automatically inherit the role and/or group.
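
The name-to-number lookup from the note under step 3, applied to a Vendor-Specific attribute like the one in step 1, as an added example (not Management Center's own code). The function names and the sample bytes are constructed for illustration; the sample's length fields are computed from the value, and only the dictionary keywords shown in the excerpt above are handled.

```python
import struct

# Dictionary lines as shown in the article excerpt.
DICTIONARY = """\
VENDOR  Cisco    9
BEGIN-VENDOR Cisco
ATTRIBUTE Cisco-AVPair    1 string
"""

def load_dictionary(text):
    """Map attribute name -> (vendor_id, attribute_number)."""
    vendors, attrs, current = {}, {}, None
    for line in text.splitlines():
        f = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(f) >= 3 and f[0] == "VENDOR":
            vendors[f[1]] = int(f[2])
        elif len(f) >= 2 and f[0] == "BEGIN-VENDOR":
            current = vendors[f[1]]
        elif len(f) >= 4 and f[0] == "ATTRIBUTE":
            attrs[f[1]] = (current, int(f[2]))
    return attrs

def tlvs(buf):
    """Yield (type, value) pairs, rejecting lengths that overrun the buffer."""
    pos = 0
    while pos < len(buf):
        if pos + 2 > len(buf) or buf[pos + 1] < 2 or pos + buf[pos + 1] > len(buf):
            raise ValueError("malformed attribute length")
        yield buf[pos], buf[pos + 2:pos + buf[pos + 1]]
        pos += buf[pos + 1]

def lookup(avps, name, dictionary=DICTIONARY):
    """Return all values of the named vendor attribute in raw RADIUS attributes."""
    vendor_id, number = load_dictionary(dictionary)[name]
    found = []
    for a_type, body in tlvs(avps):
        # Vendor-Specific is type 26: 4-byte vendor ID, then vendor sub-attributes.
        if a_type == 26 and len(body) >= 4 and struct.unpack("!I", body[:4])[0] == vendor_id:
            found += [v.decode("utf-8") for t, v in tlvs(body[4:]) if t == number]
    return found

def make_vsa(vendor_id, number, value):
    """Build one Vendor-Specific attribute (constructed test input)."""
    sub = bytes([number, len(value) + 2]) + value
    return bytes([26, len(sub) + 6]) + struct.pack("!I", vendor_id) + sub

# Constructed sample: a Reply-Message (type 18) followed by the Cisco VSA.
SAMPLE = bytes([18, 4]) + b"ok" + make_vsa(9, 1, b"network-admin")
```

Calling `lookup(SAMPLE, "Cisco-AVPair")` returns the role string only when both the vendor ID and the attribute number match the dictionary entry, so the same attribute number sent under a different vendor ID is ignored.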