cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2139
Views
5
Helpful
4
Replies

ACS 5.X - External Proxy

andrewswanson
Level 7
Level 7

hello

i'm running into some problems with ACS 5 and the External Proxy Access Service policy. The issue is the same as outlined here:

https://supportforums.cisco.com/thread/2075329

i've also tried this with ACS 5.2 and 5.3. when i use the External Proxy policy in acs 5, only a set list of attributes is sent to the proxy - i can't add any additional attributes to this list. Is there a workaround for this or plans to introduce this capability in any future releases?

thanks

andy

4 Replies 4

andrewswanson
Level 7
Level 7

i contacted TAC who confirmed the above wasn't possible with current ACS 5 code. i've put in a feature request for a future release:

Request:  Requirement for ACS to draft an authentication request with additional attributes before forwarding it to proxy radius server

cheers

andy

For background information on this request can you share which attributes you would like to add and what is the use case

i'm looking to configure ACS 5 to take part in the eduroam service ( see http://www.eduroam.org/). this service allows users of participating institutions to use their university credentials to login to other university's WLANS.

to do this, we have to proxy 'visitors' authentication requests to  a central proxy service which directs the request to the appropriate institution for authentication.

the setup on ACS 5 is pretty straight forward but there is an additional requirement where we have to 'inject' a radius ietf attribute 126 operator-name into the authentication requests that are sent to the central proxy. the operator-name attribute will be a string and will contain the name of the institution that is sending the authentication request.

i can add the operator-name attribute to the ACS 5 radius dictionary but can't use it when using an External Proxy Access Service policy.

thanks

andy

Just finished taking part in ACS 5.4 beta test and this is resolved. ACS 5.4 allows the Outbound manipulation (Add/Delete/Modify) of RADIUS attributes when using an External Proxy access policy. Inbound manipulation (e.g. set attributes for aaa override) will hopefully be included in later releases.

cheers

andy