Using RADIUS authentication with third-party dictionary files
search cancel

Using RADIUS authentication with third-party dictionary files


Article ID: 248834


Updated On:


Management Center


Management Center supports configuring RADIUS to utilize third-party dictionary files for Group and Role based authorization.

Management Center contains well-known vendor dictionary files for mapping attributes.


The below example utilizes the Cisco dictionary file to demonstrate the configuration. The attribute Cisco-AVPair is used to specify the Group or Role name network-admin.

The relevant section of the dictionary file for this example is:

VENDOR  Cisco    9

# Standard attribute

ATTRIBUTE Cisco-AVPair    1 string


  1. Configure the RADIUS server to send the attribute Cisco-AVPair with a string value for the Group or Role name as network-admin.

    A packet capture viewed in WireShark would show the attribute below within the user's Access-Accept packet:

    Attribute Value Pairs
        AVP: t=Vendor-Specific(26) l=33 vnd=ciscoSystems(9)
            Type: 26
            Length: 33
            Vendor ID: ciscoSystems (9)
            VSA: t=Cisco-AVPair(1) l=27 val=network-admin
                Type: 1
                Length: 27
                Cisco-AVPair: network-admin

  2. In Management Center, navigate to Administration (gear icon on the left-side menu) > Settings > RADIUS

  3. Enable the role or group membership sync option and specify the attribute name.

    Note: Management Center will search its dictionary files for the attribute name, so there is no need to specify the vendor id or attribute number. This is the name only.

  4. Navigate to Administration > Groups or Administration > Roles and create the network-admin Role or Group.

    Sample Group Configuration:

    Sample Role Configuration:

  5. Save and Activate the settings.


RADIUS users should now be able to log into Management Center and automatically inherit the role and/or group.