Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2596
Views
0
Helpful
9
Replies

RADIUS Vendor-Specific attribute

rvaguilera
Level 1
Level 1

‎02-22-2005 02:39 PM - edited ‎03-10-2019 02:01 PM

I'm using Cisco ACS 3.3 for RADIUS. How to do I make Vendor-Specific attribute available? (Attribute number 26, format: OctetString)

The online help makes reference to it, but does not tell you how to make it available.

Labels:
0 Helpful
9 Replies 9

jafrazie
Cisco Employee
Cisco Employee

‎02-22-2005 07:01 PM

Configure your NAS to authenticate using "Cisco IOS/PIX". By deafult, VSAs are visible for Groups. You need to enable this functionality if you need it on a per-user basis. This can be enabled under the "Interface Configuration" button in the UI.

Hope this helps.

0 Helpful

rvaguilera
Level 1
Level 1
In response to jafrazie

‎02-23-2005 07:40 AM

I've done this, but when I go to group configuration I see no attributes under this heading.

I'm using the 90 day trial version, but was under the assumption that it had full functionality.

0 Helpful

rvaguilera
Level 1
Level 1
In response to rvaguilera

‎02-24-2005 07:09 AM

BUMP.

Anyone?

0 Helpful

johnleeee
Level 1
Level 1
In response to rvaguilera

‎02-25-2005 08:16 AM

Hi fellow,

what you need to apply vendor specific attribute (26)

is to create special .ini file for concrete vendor.

I have done this and it function well.

What I can recommend you is to look for folder

Utils under ACS folder where you installed it

default is Program files. To apply crieted .ini

file you must use utility CSUtil.exe with defined parameters.

rg

jl

0 Helpful

guoqiang.li
Level 1
Level 1
In response to rvaguilera

‎03-08-2012 01:04 AM

hi,

can you give the special .ini file examle?thks a lot!

0 Helpful

rvaguilera
Level 1
Level 1
In response to jafrazie

‎03-01-2005 08:20 AM

I've done this and there are no attributes listed under that heading even though I've enabled them in Interface Configuration. I get all the IETF attributes I have configured to display, and did the same with IOS/PIX attributes (what I want is cisco-avpair), buy still no attributes under the IOS/PIX heading.

I basically wan't to be able to authenticate users logging into switches via RADIUS.

I'm trying to implement "shell:priv-lvl=15" using IETF attribute 26. Any help/suggestions?

This is what it says on the Cisco ACS 3.3 help page when I'm in the IETF RADIUS attributes section:

The RADIUS IETF attributes are available for any AAA client configuration when using RADIUS. If you want to use IETF attribute #26, Vendor Specific Attribute (VSA), you must enable the applicable VSAs on other pages of the Interface Configuration section. Attributes for both RADIUS (IETF) and any enabled RADIUS VSAs appear in User Setup or Group Setup.

Doesn't make sense.

0 Helpful

rvaguilera
Level 1
Level 1
In response to rvaguilera

‎03-01-2005 09:07 AM

BTW I'm using the Trial Version. Does anyone know if there are any limitations on this version?

0 Helpful

johnleeee
Level 1
Level 1
In response to rvaguilera

‎03-18-2005 01:05 AM

Hello guy,

as I set before what you need do is:

create .ini file and implement this file through

utility csutil.exe (it inside folder utility on your desktop) to ACS.

So after successful implementation

you have to check on Interface Configuration sheet concrete RADIUS vendor you created.

And inside Group setup sheet to configure this concrete shell parameter for your device.

And at the end assign concrete user to this group where you configured Radius shell parameter.

rg

jl

0 Helpful

guoqiang.li
Level 1
Level 1
In response to johnleeee

‎03-08-2012 01:05 AM

hi,

can you give the special .ini file examle?thks a lot!

0 Helpful
Customers Also Viewed These Support Documents