Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2149
Views
5
Helpful
4
Replies

ACS 5.X - External Proxy

andrewswanson
Level 7
Level 7

‎10-19-2011 06:41 AM - edited ‎03-10-2019 06:29 PM

hello

i'm running into some problems with ACS 5 and the External Proxy Access Service policy. The issue is the same as outlined here:

https://supportforums.cisco.com/thread/2075329

i've also tried this with ACS 5.2 and 5.3. when i use the External Proxy policy in acs 5, only a set list of attributes is sent to the proxy - i can't add any additional attributes to this list. Is there a workaround for this or plans to introduce this capability in any future releases?

thanks

andy

Labels:
0 Helpful
4 Replies 4

andrewswanson
Level 7
Level 7

‎11-23-2011 08:08 AM

i contacted TAC who confirmed the above wasn't possible with current ACS 5 code. i've put in a feature request for a future release:

Request:  Requirement for ACS to draft an authentication request with additional attributes before forwarding it to proxy radius server

cheers

andy

0 Helpful

jrabinow
Level 7
Level 7
In response to andrewswanson

‎11-23-2011 03:03 PM

For background information on this request can you share which attributes you would like to add and what is the use case

0 Helpful

andrewswanson
Level 7
Level 7
In response to jrabinow

‎11-23-2011 03:30 PM

i'm looking to configure ACS 5 to take part in the eduroam service ( see http://www.eduroam.org/). this service allows users of participating institutions to use their university credentials to login to other university's WLANS.

to do this, we have to proxy 'visitors' authentication requests to  a central proxy service which directs the request to the appropriate institution for authentication.

the setup on ACS 5 is pretty straight forward but there is an additional requirement where we have to 'inject' a radius ietf attribute 126 operator-name into the authentication requests that are sent to the central proxy. the operator-name attribute will be a string and will contain the name of the institution that is sending the authentication request.

i can add the operator-name attribute to the ACS 5 radius dictionary but can't use it when using an External Proxy Access Service policy.

thanks

andy

0 Helpful

andrewswanson
Level 7
Level 7
In response to andrewswanson

‎07-09-2012 03:41 AM

Just finished taking part in ACS 5.4 beta test and this is resolved. ACS 5.4 allows the Outbound manipulation (Add/Delete/Modify) of RADIUS attributes when using an External Proxy access policy. Inbound manipulation (e.g. set attributes for aaa override) will hopefully be included in later releases.

cheers

andy

Customers Also Viewed These Support Documents