Showing results for 
Search instead for 
Did you mean: 

Cisco 1113 ACS 4.2 1113 configure auth. for Infoblox appl.


Hi there,

I have an issue with Cisco ACS and an Infoblox appliance. We want to authenticate users, that login on the Infoblox, via the Cisco ACS. After that the ACS should reply with a passed (RADIUS) authentication and reply with an administrative groupname that the user belongs on the Infoblox. To do this I have to import a VSA to have the option in the ACS to reply with this groupname. On the Infoblox these groups are allready made and this must match the group that the ACS replies.

Now I have imported the VSA and configured an AAA client (infoblox) to use the new RADIUS (VSA) to support the Infoblox. In the groupsetting I've turned on the Infoblox-Group_info  attribute and filled in a specific groupname that the authenticated user belongs to. Now here comes the part where the group info is returned, but the Infoblox Appliance gives me a RADIUS error reply message. As I can see in the logs of the ACS the authentication part of the user is fine. So it has to be between the info that the ACS replies with, when the user logs in.

I've attach the VSA and a *.pcap of wireshark to see what's going on.

Can anyone advice of suggest any option that can make this thing work.

With regards,

Richard Gosen

1 Accepted Solution

Accepted Solutions

Hi Richard,

Please find attached accountsActions to delete it, and you can use your original accountsActions to readd the VSA.

Hope that works.

View solution in original post

10 Replies 10

Jennifer Halim
Cisco Employee
Cisco Employee

Hi Richard,

Seems to be matching this bugID: CSCsv65072:

Which version are you running?

For, patch 8 or later has the fix.

For, patch 13 or later has the fix.

Hope that helps.

Hello Halijenn,

Thank you for your reply.

The version of ACS is so it make sense why this is not working.

Where can I apply for this patch?

With regards,

Richard Gosen


Thanks for your info.

I've applied the patch, but the ACS still sends a malformed packet back to the Infoblox when a user tries to login.

The ACS is rebooted and the VSA is re-enabled with the specific group info.

Am I missing something here?

With regards,

Richard Gosen

Please remove the VSA, and re-add it. It should work after you re-add it.

Should I make a *.csv to delete all the records that the imported VSA.csv, as mentioned previously, has created?

This Cisco ACS is not my core knowledge

Maybe you can confirm that I must use action code 161 to delete this VSA. I didn't see any option to delete it in the Solution Engine.

Can you put me in a right direction?

Hi Richard,

Please find attached accountsActions to delete it, and you can use your original accountsActions to readd the VSA.

Hope that works.


Unfortunatly the above solution doesn't do the trick. When I delete the imported VSA, via the attached *.csv, the Infoblox attributes still shows up when I re-add the Infoblox appliance to a network device group en there choose "Radius (Infoblox)" for the authentication. After deleting the VSA I have restarted the ACS SE. The returned acknowledgment from the ACS still presents a malformed packet. When I uncheck the checkbox of the "RADIUS (Infoblox)" attribute in the group settings, then it shows no malformed packet, but no group information is sent either.

Again I have imported the original accountsAction.csv and restarted the SE, but it still returns malformed packets.

Any other possibilities?

Kind regards,

Richard Gosen


I have re-imaged the ACS with the recovery DVD and applied the patch Next I imported the VSA and rebooted the server. After this I added the Infoblox appliance and could choose the VSA for authentication. Under "interface configuration" I clicked "INfoblox attributes" and checked the group specific info checkbox.

In the group setup you can check the group specific info and add a groupname that is also in the Infoblox appliance. When a user logs into the appliance it gets redirected to the right group.

Everything is working fine. I guess the ACS was a bit messy.

Thank you Halijenn for your great support.

Thanks for the update. Good to hear all is working fine now. Cheers.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers