1. In NAC Manager click the "Switches" tab 2.
Click the switch you'd like to send the new RADIUS attribute to, and then click the "Edit"
button in the lower right hand corner of the table 3.
Click the drop down for "Gateway RADIUS Attributes to send" 4.
Check pre-loaded profiles to determine if the attributes you'd like to send are already in a configured profile by pressing the "gear" icon next to the pre-loaded profiles 5.
If the desired attributes do not exist in a pre-loaded profile then you'll need to create a new profile 6.
Highlight and copy the "Preview" section of your currently used profile 7.
Click the "Add"
Give the Attribute Group a name 9.
Paste in the Attributes in your clipboard into the Attribute Definition window, and then used the defined Variables on the bottom of the window to add the CUSTOM1 attribute into the new attribute group 10.
In this example I added in the CUSTOM1 attribute, and the CUSTOM2 attributes. (Case sensitive) You can either configure the profile to have the attribute string = %VARIABLE%, or just %VARIABLE% and have this defined in the policy mappings (Shown below). Be aware that the attribute string is CASE SENSITIVE. If not an exact match NAC will thrown an error when you try to save. The attribute must match exactly and exist in the freeRADIUS attribute dictionary. 11.
Click the "Save"
Click the "OK"
Choose the newly configured Attribute Group for the "Gateway RADIUS attributes to send" drop down 14.
Click the "OK
Select Tools -> Management and Configuration -> Advanced Configuration 16.
Drill into "NAC Profile" 17.
Drill into Policy Mappings and click "Default" 18.
Double click the Profile you wish to modify 19.
Add in Custom attribute or value in the field that was defined previously 20.
Alter the fields as needed. Popular fields for modification are VLAN ID for RFC 3580 support (must also be configured on switch) VLAN ID and VLAN egress as tagged or untagged, as well as Service type for management login to the switch 21.
Click OK for all of the previous windows, then do an enforce for this to take affect 22.
Check End system events to make sure the criteria is being used under the Authorization column after a reauthentication, or new authentication has taken place