This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
I am trying to configure the ACS v5.x server to accept RADIUS authentication/authorization for BlueCoat ProxyAV 510's. Unfortunately, I can't seem to find any useful documentation for this.
I have created a BlueCoat VSA with an Attribute of 'Blue-Coat-Authorization' with a value of '2' (Admin Access) and Type of 'Unsigned Integer' but this does not seem to work. The ACS reports that authentication has succeeded but I cannot login to the BlueCoat device and have to rely on local access.
Has anyone managed to get this working in the field. Help appreciated!
I am not sure if this is the same as a Blue Coat Proxy SG but I posted about this Blue Coat and ACS v4.x a while back under this thread:
https://supportforums.cisco.com/message/3356662#3356662 (This might help with the Blue Coat side)
If you want to convert it for v5.x then:
Thank you for the response. I did step 1 of your five bullet points. But for the second bullet point there is no place to define the attribute as a 'string' type on that screen. It asks for the Vendor Attribute ID. These are the various parameters the ACS seems to be looking for across a number of screens and my tentative answers are on the right.
Vendor Name: Blue-Coat
Vendor ID: 14501
Vendor Attribute: ?
Vendor Attribute ID: ?
Vendor Attribute Type: String
Vendor Attribute Value: ?
Do you know what answers I need to enter above. I am told by my firewall team that the help file on the Bluecoat says that the Vendor Attribute should be 'Blue-Coat-Authorization' and the value should be '2' (admin access). However, the help files says nothing about the Vendor ID, Vendor Attribute ID or Vendor Attribute Type.
Thank you for that - yes, I think the ProxyAV requires that the Blue-Coat-Authorization attribute be added - though I don't know if this is in addition to the Blue-Coat-Group attribute that you have defined or not. In any case, when I try and create the attribute I get the following error message:
I had deleted all traces of the previous BlueCoat attributes I had created as well as references to them in my policies but I still get this error message. Any ideas? Thank you for your help so far!