cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
10917
Views
14
Helpful
7
Replies

ACS and APC UPS - radius authentication

rduke
Level 1
Level 1

Has anyone configured their APC UPS network managment cards to authenticate to ACS. The cards support radius, and I have that working, but the user only works as read only. How can I get them to work at at admin level ? I am not sure how to pass the attibutes back to the UPS.

Thanks for any tips.

Randy

1 Accepted Solution

Accepted Solutions

FYI

I setup the same configuration in ACS 5.1 with the VSA attributes stated, with no problems. See inserted image for details.

View solution in original post

7 Replies 7

Jagdeep Gambhir
Level 10
Level 10

Randy,

It works , no issues at all. In order to get all the options on the APC cards, you need to integrate the .ini file provided by the vendor.

With that INI we will upload APC radius attributes in acs.

Regards,

~JG

Do rate helpful posts

I realize that this is a VERY old thread... but... I figured I'd give it a shot.

Has anyone successfully configured an APC UPS network management cards to authenticate in ISE 2.1?  I have them authenticating properly in ACS 5.x, so I know the "basics" of setting up the dictionary and believe that I have the "radius vendors" setup correctly.  However I'm missing the "policy sets".  Similar to the start of this thread, my current ISE setup has all users logging in as "read only".

If so, any setup guides?  Thanks...

I am on 2.2 and have the same question.

darpotter
Level 5
Level 5

You need to return some APC Vendor Specific Attributes. These will not be defined in ACS so you'll need to add them. This process is documented in the ACS User Guide - basically you create a .ini file with the VSA info and load it with csutil or rdbms sync.

APCs vendor id is 318. You need to add a single integer attribute "APC-Service-Type" (id #1) which can take the following values:

1 adminsitrator

2 device-manager

3 read-only users

Good luck

Darran

Guys,

Sorry I forgot to post that I had it working. It was easier than I thought because all I needed to do was add Radius IETF option #6 and select "administrative".

I did see the APC info regarding VSA's, but I did not know how you input that data. I will have to look into the csutil and rdmns sync utilities since I am new to ACS.

thanks,

Randy

FYI

I setup the same configuration in ACS 5.1 with the VSA attributes stated, with no problems. See inserted image for details.

CSCO10973017
Level 1
Level 1

Save the following into an ini file and use the CS Utils feature to import the UDF / VSA

Don't include the lines "====" bits!

You can rename the Admin/Device/ReadOnly to what ever you like as the interger value is what is important, the name is only used byt the ACS interface for displaying the options in the HTML.

=====================================

[User Defined Vendor]

Name=APC Devices

IETF Code=318

VSA 1=APC-Service-Type

[APC-Service-Type]

Type=INTEGER

Profile=OUT

Enums=APC-Auth-Type

[APC-Auth-Type]

1=Admin

2=Device

3=ReadOnly

=====================================

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: