https://community.cisco.com/t5/network-access-control/acs-5-x-external-proxy/m-p/1757897#M218711 <HTML><HEAD></HEAD><BODY><P> i contacted TAC who confirmed the above wasn't possible with current ACS 5 code. i've put in a feature request for a future release:</P><P></P><P><SPAN style="font-size: 10pt;"><SPAN style="font-family: Arial;">Request:&nbsp; </SPAN><SPAN style="font-family: Arial;">Requirement for ACS to draft an authentication request with additional attributes before forwarding it to proxy radius server</SPAN></SPAN></P><P><SPAN style="font-size: 10pt; font-family: Arial; "> </SPAN></P><P><SPAN style="font-size: 10pt; font-family: Arial; ">cheers</SPAN></P><P><SPAN style="font-size: 10pt; font-family: Arial; ">andy</SPAN></P></BODY></HTML> Wed, 23 Nov 2011 16:08:18 GMT andrewswanson 2011-11-23T16:08:18Z https://community.cisco.com/t5/network-access-control/acs-5-x-external-proxy/m-p/1757896#M218708 <P><SPAN style="font-size: 10pt;"></SPAN></P><P>hello</P><P>i'm running into some problems with ACS 5 and the External Proxy Access Service policy. The issue is the same as outlined here:</P><P><SPAN style="font-size: 10pt;"> </SPAN></P><P><A _jive_internal="true" href="https://community.cisco.com/thread/2075329" target="_blank">https://supportforums.cisco.com/thread/2075329</A></P><P><SPAN style="font-size: 10pt;"> </SPAN></P><P></P><P>i've also tried this with ACS 5.2 and 5.3. when i use the External Proxy policy in acs 5, only a set list of attributes is sent to the proxy - i can't add any additional attributes to this list. Is there a workaround for this or plans to introduce this capability in any future releases?</P><P></P><P><SPAN style="font-size: 10pt;"> </SPAN></P><P>thanks</P><P>andy</P><P><SPAN style="font-size: 10pt;"> </SPAN></P><P></P> Mon, 11 Mar 2019 01:29:45 GMT https://community.cisco.com/t5/network-access-control/acs-5-x-external-proxy/m-p/1757896#M218708 andrewswanson 2019-03-11T01:29:45Z https://community.cisco.com/t5/network-access-control/acs-5-x-external-proxy/m-p/1757897#M218711 <HTML><HEAD></HEAD><BODY><P> i contacted TAC who confirmed the above wasn't possible with current ACS 5 code. i've put in a feature request for a future release:</P><P></P><P><SPAN style="font-size: 10pt;"><SPAN style="font-family: Arial;">Request:&nbsp; </SPAN><SPAN style="font-family: Arial;">Requirement for ACS to draft an authentication request with additional attributes before forwarding it to proxy radius server</SPAN></SPAN></P><P><SPAN style="font-size: 10pt; font-family: Arial; "> </SPAN></P><P><SPAN style="font-size: 10pt; font-family: Arial; ">cheers</SPAN></P><P><SPAN style="font-size: 10pt; font-family: Arial; ">andy</SPAN></P></BODY></HTML> Wed, 23 Nov 2011 16:08:18 GMT https://community.cisco.com/t5/network-access-control/acs-5-x-external-proxy/m-p/1757897#M218711 andrewswanson 2011-11-23T16:08:18Z https://community.cisco.com/t5/network-access-control/acs-5-x-external-proxy/m-p/1757898#M218713 <HTML><HEAD></HEAD><BODY><P>For background information on this request can you share which attributes you would like to add and what is the use case</P></BODY></HTML> Wed, 23 Nov 2011 23:03:30 GMT https://community.cisco.com/t5/network-access-control/acs-5-x-external-proxy/m-p/1757898#M218713 jrabinow 2011-11-23T23:03:30Z https://community.cisco.com/t5/network-access-control/acs-5-x-external-proxy/m-p/1757899#M218715 <HTML><HEAD></HEAD><BODY><P> i'm looking to configure ACS 5 to take part in the eduroam service ( see <A href="http://www.eduroam.org/">http://www.eduroam.org/</A>). this service allows users of participating institutions to use their university credentials to login to other university's WLANS.</P><P></P><P>to do this, we have to proxy 'visitors' authentication requests to&nbsp; a central proxy service which directs the request to the appropriate institution for authentication.</P><P></P><P>the setup on ACS 5 is pretty straight forward but there is an additional requirement where we have to 'inject' a radius ietf attribute 126 operator-name into the authentication requests that are sent to the central proxy. the operator-name attribute will be a string and will contain the name of the institution that is sending the authentication request.</P><P></P><P>i can add the operator-name attribute to the ACS 5 radius dictionary but can't use it when using an External Proxy Access Service policy.</P><P></P><P>thanks</P><P>andy</P></BODY></HTML> Wed, 23 Nov 2011 23:30:43 GMT https://community.cisco.com/t5/network-access-control/acs-5-x-external-proxy/m-p/1757899#M218715 andrewswanson 2011-11-23T23:30:43Z https://community.cisco.com/t5/network-access-control/acs-5-x-external-proxy/m-p/1757900#M218716 <HTML><HEAD></HEAD><BODY><P> Just finished taking part in ACS 5.4 beta test and this is resolved. ACS 5.4 allows the Outbound manipulation (Add/Delete/Modify) of RADIUS attributes when using an External Proxy access policy. Inbound manipulation (e.g. set attributes for aaa override) will hopefully be included in later releases.</P><P>cheers</P><P>andy</P></BODY></HTML> Mon, 09 Jul 2012 10:41:22 GMT https://community.cisco.com/t5/network-access-control/acs-5-x-external-proxy/m-p/1757900#M218716 andrewswanson 2012-07-09T10:41:22Z