Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
791
Views
0
Helpful
4
Replies

No attribute appear in new custom VSA RADIUS

hitman888
Level 1
Level 1

‎04-02-2005 06:18 PM - edited ‎03-10-2019 02:05 PM

Hi,

I use Cisco Secure version 3.2 on windows 2000

I just had a new custom VSA Radius with the utility CSUtil.exe

Fist i create the file myvsa.ini, this is for a SONET optical Nortel equipement, here it is:

[User Defined Vendor]

Name=OM3000

IETF Code=562

VSA 1=OM3000_UPC

[OM3000_UPC]

Type=INTEGER

Profile=OUT

Enums=Levels_Privileges

[Levels_Privileges]

0=UPC0

1=UPC1

2=UPC2

3=UPC3

4=UPC4

5=UPC5

After i check if i have a UDV unassigned

C:\Program Files\CiscoSecure ACS v3.2\Utils>csutil -listudv

Here the response:

UDV 0 - Unassigned

UDV 1 - Unassigned

UDV 2 - Unassigned

UDV 3 - Unassigned

UDV 4 - Unassigned

UDV 5 - Unassigned

UDV 6 - Unassigned

UDV 7 - Unassigned

UDV 8 - Unassigned

UDV 9 - Unassigned

Then i run the command: C:\Program Files\CiscoSecure ACS v3.2\Utils>csutil -addudv 0 c:\temp\myvsa.ini

I get the following messages

Adding or removing vendors requires ACS services to be re-started.

Please make sure regedit is not running as it can prevent registry

backup/restore operations

Are you sure you want to proceed? (y/n)y

Parsing [c:\temp\myvsa.ini] for addition at UDV slot [0]

Stopping any running services

Creating backup of current config

Adding Vendor [OM3000] added as [RADIUS (OM3000)]

Adding VSA [OM3000_UPC]

Done

Checking new configuration...

New configuration OK

Re-starting stopped services

Verify that OM3000 was added.

C:\Program Files\CiscoSecure ACS v3.2\Utils>csutil -listudv

UDV 0 - RADIUS (OM3000)

UDV 1 - Unassigned

UDV 2 - Unassigned

UDV 3 - Unassigned

UDV 4 - Unassigned

UDV 5 - Unassigned

UDV 6 - Unassigned

UDV 7 - Unassigned

UDV 8 - Unassigned

UDV 9 - Unassigned

Return to ACS Admin and select Interface configuration and enable RADIUS(OM3000) for group.

The problem is, i do not see any attribute under the Title RADIUS(OM3000)

I expect to see the attribute OM3000 and a drop down list option with the integer 0 to 5 to select but nothing

Do i miss something or it is a ACS known bug ?????

It is the same under a group in the section GROUP SETUP , i see the section RADIUS(IETF) with attributes in this section that can be seclect and configure..

But under the section RADIUS(OM3000) there is no attribute, this section is empty ????

Thanks in advance for your help

Dan

Labels:
0 Helpful
4 Replies 4

sstudsdahl
Level 4
Level 4

‎04-04-2005 11:35 AM

Dan,

Once you add your AAA client to ACS and set it up for authentication using RADIUS (OM3000), you will then see the "RADIUS (OM3000)" method listed on the "Interface Configuration" page. If you click on that entry, you will be presented with an option to select the "[026/562/001] OM3000_UPC" for user and group configuration pages. If you check both boxes here, then edit the specific user or group, you will see the drop down box at the very bottom of the configuration options for the user/group as you are expecting.

HTH

Steve

0 Helpful

hitman888
Level 1
Level 1
In response to sstudsdahl

‎04-04-2005 05:11 PM

Hi Steve,

Thanks for the reply.

I done the first part of your reply and i see the drop down box at the very bottom of the configuration options for the user/group.

His title is: RADIUS(OM3000) Attributes

But i have no atribute at all to check in.

I thought i should see OM3000_UPC with a drop down list to 0 to 5 to select ???

Did i miss something ?

0 Helpful

sstudsdahl
Level 4
Level 4
In response to hitman888

‎04-05-2005 09:03 AM

I've imported the UDV file that you listed in your original post into a test ACS server that I have. The version that I am running is ACS v3.3(1) and when I go in and edit a user/group, I all see the "RADIUS (OM3000) Attributes" section at the bottom of the setup page. Within that box, I have an option for "[562\001] OM3000_UPC" with a dropdown box to the right of it with values of "UPC0" through "UPC5".

Seeing this work in 3.3(1) makes me wonder if there might be a bug within the version of ACS that you are using. I may have version 3.2 installed on a test system yet. I will take a look and try importing this into that one and see what results I get.

Steve

0 Helpful

hitman888
Level 1
Level 1
In response to sstudsdahl

‎04-05-2005 09:12 AM

Hi Steve,

I solve my problem.

I have to do a stop - start of the CSAdmin process in Windows Services.

And after the attribute OM3000_UPC appear in the user/group section with the option UPC0 to UPC5.

It is a Cisco Secure Bug, i think

Thans again for your help

Dan

0 Helpful
Customers Also Viewed These Support Documents