10-10-2012 07:44 AM - last edited on 03-25-2019 05:29 PM by ciscomoderator
Hi everyone,
I am trying to configure the ACS v5.x server to accept RADIUS authentication/authorization for BlueCoat ProxyAV 510's. Unfortunately, I can't seem to find any useful documentation for this.
I have created a BlueCoat VSA with an Attribute of 'Blue-Coat-Authorization' with a value of '2' (Admin Access) and Type of 'Unsigned Integer' but this does not seem to work. The ACS reports that authentication has succeeded but I cannot login to the BlueCoat device and have to rely on local access.
Has anyone managed to get this working in the field. Help appreciated!
inayat
10-10-2012 06:44 PM
Hi,
I am not sure if this is the same as a Blue Coat Proxy SG but I posted about this Blue Coat and ACS v4.x a while back under this thread:
https://supportforums.cisco.com/message/3356662#3356662 (This might help with the Blue Coat side)
If you want to convert it for v5.x then:
Cheers
Dave
10-11-2012 02:07 AM
Hi Dave,
Thank you for the response. I did step 1 of your five bullet points. But for the second bullet point there is no place to define the attribute as a 'string' type on that screen. It asks for the Vendor Attribute ID. These are the various parameters the ACS seems to be looking for across a number of screens and my tentative answers are on the right.
Vendor Name: Blue-Coat
Vendor ID: 14501
Vendor Attribute: ?
Vendor Attribute ID: ?
Vendor Attribute Type: String
Vendor Attribute Value: ?
Do you know what answers I need to enter above. I am told by my firewall team that the help file on the Bluecoat says that the Vendor Attribute should be 'Blue-Coat-Authorization' and the value should be '2' (admin access). However, the help files says nothing about the Vendor ID, Vendor Attribute ID or Vendor Attribute Type.
10-11-2012 02:26 AM
Hi Inayat,
It might be different for a a BC ProxyAV 510 than a BC Proxy SG
Here are the screenshots of the setup for the Proxy SG .
10-11-2012 02:52 AM
Hi Dave,
Thank you for that - yes, I think the ProxyAV requires that the Blue-Coat-Authorization attribute be added - though I don't know if this is in addition to the Blue-Coat-Group attribute that you have defined or not. In any case, when I try and create the attribute I get the following error message:
I had deleted all traces of the previous BlueCoat attributes I had created as well as references to them in my policies but I still get this error message. Any ideas? Thank you for your help so far!
09-11-2024 10:34 AM
can you share the tutorial you posted? the page does not exist anymore
09-11-2024 03:15 PM
This post is 12 years old and CS-ACS 5.x has been End of Support for over 2 years. You're not likely to find this content anymore.
09-11-2024 03:36 PM
I've had some luck, I've found a few, but I was really interested in this one, unfortunately now I'm the admin of an ACS 5.x that I need to configure for tacacs and radius auth for different vendors
09-22-2014 11:03 PM
Hi Sir ,
At the end , how do you resolve this issue , please share
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide