cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1974
Views
5
Helpful
3
Replies
Kashish_Patel
Explorer

ACS dictionary file

Hi Security Experts,

I have a requirement to add a third-party box (niksun appliance used for sniffing packets) as a radius client in ACS 4.2.

I have gone through the configuration guide of niksun to see how it should be done.

As per their documentation, I have to create a file on the ACS server ( our ACS is installed in a windows 2003 server) and this file should include Niksun Vendor ID. Then I have to include this file in ACS dictionary file.

Could you give me an example of how this is done on ACS 4.2? FYI our ACS is installed in a windows 2003 server.

PS : I rate useful posts.

Thanks,

Kashish

1 ACCEPTED SOLUTION

Accepted Solutions
maldehne
Cisco Employee

Well Well

You are talking about defining custom radius vendor on ACS.

This can be done using RDBMS synchronization feature , by having account actions.csv file built based on the dictionary defintion of the third party vendor and importing it back to ACS.

Check the following link for further info:

http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/A_RDBMS.html#wp148322

the following actiond codes should be the core for achieving your task:

350 ADD_UDV

352 ADD_VSA

353 SET_VSA_PROFILE

354 ADD_VSA_ENUM

355 ADOPT_NEW_UDV_OR_VSA

-------------------------------------------------------------------

Make sure to rate correct answer

View solution in original post

3 REPLIES 3
Kashish_Patel
Explorer

Can some security expert help me out here?

maldehne
Cisco Employee

Well Well

You are talking about defining custom radius vendor on ACS.

This can be done using RDBMS synchronization feature , by having account actions.csv file built based on the dictionary defintion of the third party vendor and importing it back to ACS.

Check the following link for further info:

http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/A_RDBMS.html#wp148322

the following actiond codes should be the core for achieving your task:

350 ADD_UDV

352 ADD_VSA

353 SET_VSA_PROFILE

354 ADD_VSA_ENUM

355 ADOPT_NEW_UDV_OR_VSA

-------------------------------------------------------------------

Make sure to rate correct answer

View solution in original post

Thanks maldehne.

On further reading, I found that same thing can be done using csutil. I used csutil and was able to add custom radius vendor. But I am sure RDBMS would also have worked.

Thanks,

Kashish

Content for Community-Ad