Can ACS 5.2 be used as VMPS?

leninstcs
Level 1

I have ACS 1131 with 5.2 version software.

Can this be configured as a VLAN Membership Policy Server for dynamic VLAN assignment in the switches?

If possible, can anybody provide me the configuration steps or ideas?

Thanks & Regards,

Lenin S

9620745656


Jatin Katyal
Cisco Employee

Yes, this is possible with ACS 5.2.

The attributes are still the same.

The RADIUS user attributes used for the VLAN ID assignment are:

  • IETF 64 (Tunnel Type)—Set this to VLAN.

  • IETF 65 (Tunnel Medium Type)—Set this to 802.

  • IETF 81 (Tunnel Private Group ID)—Set this to VLAN ID.

You may take a look at the screenshot to configure it on ACS 5.2:

https://supportforums.cisco.com/servlet/JiveServlet/download/3211910-74181/DynVLANAssign.jpg

Once you are done with the policy element section, jump to access-policies and configure the authorization profile.

Configuration example

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml

Hope it helps.

Regards,

Jatin

Do rate helpful posts.

~Jatin

Hi,

Thanks a lot for the reply. I still didn't check this. I will update it soon.

Also, I require some other information.

I want to authorize the show config command for a level 4 user. Can this be done in ACS 5.2, or do we need to authorize on all the devices only?

switch configuration is

aaa new-model

aaa authentication login default group tacacs+ local

aaa authentication enable default group tacacs+ enable

aaa authorization config-commands

aaa authorization exec default group tacacs+ local

aaa authorization commands 0 default group tacacs+ local

aaa authorization commands 4 default group tacacs+ local

aaa authorization commands 15 default group tacacs+ local

aaa authorization network default group tacacs+ local

aaa accounting exec default start-stop group tacacs+

aaa accounting network default start-stop group tacacs+

ACS config

Policy Elements > Authorization and Permissions > Device Administration > Command Sets.

I configured a command set with

grant - permit

command - show

attribute - config

but it's not working,

please help me on this.