07-16-2008 06:16 AM - edited 03-10-2019 03:58 PM
Hello!
We have mixed network enviroment with cisco / HP equipment.
We are currently evaluating the Cisco ACS 4.2 to manage network access to the network equipment.
The cisco equipment works great but we are having problems the the procurve switches and radius (tacacs works great)
I've googled around and it seems that you need to create a new "vendor-specific attributes (VSAs)" for the procurve switches and edit the radius IETF settings to suit the right variables that needs to match the HP equipment.
Problem is that I cannot find this information anywhere online.
Has anyone else managed to solve this problem?
Would really appreciate the help!
Thanks
BR
Solved! Go to Solution.
07-16-2008 08:40 AM
Generally we need to upload VSA to acs. You need to get ini file from HP. Once you have you need to create vsa and upload it to acs.
As we require to add vendor specific attribute into ACS , then we first need to
create a file "accountActions.csv" using the format specified in "RDBMS Synchronization
Import Definition", once we are ready with the file, then we need to do a RDBMS
Synchorization of the file of ACS SE, and then go to :
Reports and Activity > RDBMS Synchronization, and make sure that synchronization was
successful without any error. Once this is done, we need to re-boot the ACS SE, and then
we can create a new AAA client and use then new RADIUS(xxxx) and the attributes that we
have added can be made visible from :
Interface Configuration > and selecting the newly added VSA Radius attribute.
::RDBMS Synchronization::
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacsapp/csa
pp40/ugse40/sad.htm#wp756877
::RDBMS Synchronization Import Definition::
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacsapp/csa
pp40/ugse40/ag.htm
Regards,
~JG
07-16-2008 08:40 AM
Generally we need to upload VSA to acs. You need to get ini file from HP. Once you have you need to create vsa and upload it to acs.
As we require to add vendor specific attribute into ACS , then we first need to
create a file "accountActions.csv" using the format specified in "RDBMS Synchronization
Import Definition", once we are ready with the file, then we need to do a RDBMS
Synchorization of the file of ACS SE, and then go to :
Reports and Activity > RDBMS Synchronization, and make sure that synchronization was
successful without any error. Once this is done, we need to re-boot the ACS SE, and then
we can create a new AAA client and use then new RADIUS(xxxx) and the attributes that we
have added can be made visible from :
Interface Configuration > and selecting the newly added VSA Radius attribute.
::RDBMS Synchronization::
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacsapp/csa
pp40/ugse40/sad.htm#wp756877
::RDBMS Synchronization Import Definition::
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacsapp/csa
pp40/ugse40/ag.htm
Regards,
~JG
07-16-2008 09:20 AM
Thanks for the answer JG
I'll email HP's support and hopefully they can assist with this ini file
Thanks
07-26-2008 12:55 AM
1. Create an ASCII file on the Cisco ACS
with a name e.g. âHP_VSA.txtâ
with the following entries:
[User Defined Vendor]
Name=Hewlett-Packard
IETF Code=11
VSA 2=HP-Command-String
VSA 3=HP-Command-Exception
[HP-Command-String]
Type=STRING
Profile=IN OUT
[HP-Command-Exception]
Type=INTEGER
Profile=IN OUT
Enums=Permit-Deny
[Permit-Deny]
0=permit
1=deny
2. 2. Add the VSA to the Cisco ACS
by executing the following:
c:\....\CSUtil.exe -addUDV slot-number HP_VSA.txt
slot-number: try to put "5"
3. Go to IETF Radius Attributes:
Service-Type âAdministrativeâ => privilege (manager) mode
Service-Type âNAS promptâ => login (operator) mode
Best of luck.
Alfadi Albaridi
01-11-2011 03:01 AM
I know this post is old, but it was very useful in getting me pointed in the right direction. I wanted to give a cleaner example of step 2
C:\Program Files (x86)\CiscoSecure ACS v4.2\bin>CSUtil.exe -addUDV 5 HP_VSA.txt
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide