Can ACS 5.2 be used as VMPS?

leninstcs
Level 1

I have ACS 1131 with 5.2 version software.

Can this be configured as a VLAN Membership Policy Server for dynamic VLAN assignment in the switches?

If possible, can anybody provide me the configuration steps or ideas?

Thanks & Regards,

Lenin S

9620745656

2 Replies

Jatin Katyal
Cisco Employee

Yes, this is possible with ACS 5.2.

The attributes are still the same.

The RADIUS user attributes used for the VLAN ID assignment are:

  • IETF 64 (Tunnel Type)—Set this to VLAN.

  • IETF 65 (Tunnel Medium Type)—Set this to 802

  • IETF 81 (Tunnel Private Group ID)—Set this to VLAN ID.

You may take a look at the screenshot to configure it on ACS 5.2:

https://supportforums.cisco.com/servlet/JiveServlet/download/3211910-74181/DynVLANAssign.jpg

Once you are done with the policy element section, jump to access-policies and configure the authorization profile.

Configuration example

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml

Hope it helps.

Regards,

Jatin

Do rate helpful posts.

~Jatin
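The three attributes listed in the reply above, as they are laid out on the wire in a RADIUS Access-Accept, together with a check that a captured attribute list really carries a complete and consistent VLAN assignment. This is an added example, not part of the original post and not Cisco's code; the function names are hypothetical, the numeric values 13 (VLAN) and 6 (802) come from RFC 2868 and RFC 3580, and it assumes the VLAN is sent as a numeric ID.

```python
import struct

# Values per RFC 2868 / RFC 3580: Tunnel-Type 13 = VLAN, Tunnel-Medium-Type 6 = 802
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
VLAN, IEEE_802 = 13, 6

def encode_vlan_attrs(vlan_id, tag=0):
    """Build the three attributes as RADIUS TLVs (hypothetical helper)."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    def tagged_int(attr, value):
        # type, length (always 6), tag octet, 3-octet value
        return struct.pack("!BBB", attr, 6, tag) + value.to_bytes(3, "big")
    group = str(vlan_id).encode("ascii")
    if tag:  # the tag octet of attribute 81 is optional; emit it only if set
        group = bytes([tag]) + group
    return (tagged_int(TUNNEL_TYPE, VLAN)
            + tagged_int(TUNNEL_MEDIUM_TYPE, IEEE_802)
            + struct.pack("!BB", TUNNEL_PRIVATE_GROUP_ID, 2 + len(group)) + group)

def assigned_vlan(attrs):
    """Return the VLAN ID only if all three attributes are present and
    consistent; return None for anything malformed or incomplete."""
    found, i = {}, 0
    while i + 2 <= len(attrs):
        attr, length = attrs[i], attrs[i + 1]
        if length < 3 or i + length > len(attrs):
            return None  # truncated or bogus length
        body = attrs[i + 2:i + length]
        if attr in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE):
            if length != 6:
                return None
            found[attr] = int.from_bytes(body[1:], "big")  # skip tag octet
        elif attr == TUNNEL_PRIVATE_GROUP_ID:
            # a first octet above 0x1F is string data, not a tag
            found[attr] = body[1:] if body[0] <= 0x1F else body
        i += length
    if i != len(attrs):
        return None  # trailing garbage
    if found.get(TUNNEL_TYPE) != VLAN or found.get(TUNNEL_MEDIUM_TYPE) != IEEE_802:
        return None
    group = found.get(TUNNEL_PRIVATE_GROUP_ID, b"")
    if not group.isdigit():
        return None  # assumption: numeric VLAN ID, as in the post
    vlan = int(group)
    return vlan if 1 <= vlan <= 4094 else None
```

A `None` result for an accepted session means the switch port falls back to its statically configured VLAN, which is worth alerting on when dynamic assignment is used for segmentation.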

Hi,

Thanks a lot for the reply. I still didn't check this. I will update it soon.

Also, I require some other information.

I want to authorize the show config command for a level 4 user. Can this be done in ACS 5.2, or do we need to authorize on all the devices only?

switch configuration is

aaa new-model

aaa authentication login default group tacacs+ local

aaa authentication enable default group tacacs+ enable

aaa authorization config-commands

aaa authorization exec default group tacacs+ local

aaa authorization commands 0 default group tacacs+ local

aaa authorization commands 4 default group tacacs+ local

aaa authorization commands 15 default group tacacs+ local

aaa authorization network default group tacacs+ local

aaa accounting exec default start-stop group tacacs+

aaa accounting network default start-stop group tacacs+

ACS config

Policy Elements > Authorization and Permissions > Device Administration > Command Sets.

I configured a command set with

grant - permit

command - show

attribute - config

but it's not working.

Please help me on this.
