03-11-2013 12:34 AM - edited 03-10-2019 08:10 PM
Need some help regarding Cisco Airespace configuration in Cisco Secure ACS v5.3. We're migrating to ACS v5.3 but we're encountering an issue with
Cisco Airespace. It is only working on ACS4.1 but when we tried to move it to Cisco Secure ACS v5.3, it is not working.
03-11-2013 02:23 AM
What do you mean by Airespace? a controller? or an AP?
What is the thing that is not working? clients authentiation? or management authentication?
What is the message that appears on the ACS logs when you try to authenticate?
Rating useful replies is more useful than saying "Thank you"
03-12-2013 07:09 PM
Ok, we have a legacy Cisco wireless devices called Cisco Airespace and this device is the result of Cisco acquisition of Airespace Wireless Network in 2005. Cisco improve this technology and make it a perfect device for WLAN. Going back to my issue, as I mention we have this device and it is working in our older version of ACS (4.x). Since we have now a latest version of ACS which is 5.3. We wanted to migrate all the device into our latest version of ACS including older version (Airespace). Since this is an older device, I'm thinking that the VSA attributes needs to manually added and create Policy and Access Service specific to Cisco Airespace. I've attached the Dictionaries attributed that I've added and needs some advise if I got the correct value for below item
Airespace-WLAN-Id
Airespace-QoS-Level
Airespace-DSCP
Airespace-802.1p-Tag
Airespace-Interface-Name
Airespace-ACL-Name
Below link is the configuration guide for Cisco Airespace under ACS 4.x
http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080891919.shtml
03-12-2013 11:53 PM
all the Airospace attributes that you have mentioned are already available on ACS 5.
All you need to do is to have them linked in the plolicies that you have created.
For info about the values of those attributes:
Airespace-WLAN-Id : you should enter the wlan profile id needed as configured on the controller
Airespace-QoS-Level : You add the value of QoS profile to be authorized to certain user , either
Platinum, Silver, Gold , Bronze or Uranium
Airespace-DSCP : You add the DSCP value to be authorized
Airespace-802.1p-Tag : You add the dot1p value to be authorized
Airospace-Interface-Name:You add the name of interface to be authorized to certain user , this can be used
as alternative to dynamic vlan assignment, but you have to make sure that the interface name returned has been
already configured on the WLC.
Airespace-ACL-Name : put the ACL name to be controlling particular client traffic after successful authentication, you have to make sure that the ACL name is valid for already defined one on the WLC.
----------------------------------------------------------------------------------------------
Please make sure to rate correct answers
03-14-2013 01:06 AM
Hi Maldehne,
Thanks for your reply but I'm confuse regarding the term that you mention in authorizing the DCP. Which part in ACS do i need to do that? I have set the Access policy already and I'm not so certain if I got it correct regarding the Attribute Value.
03-14-2013 01:33 AM
interface name : not sure if you have interface with the name of 32
and ACL with the name of 64 ? You should put a value defined on your controller
so you should already have a dynamic interface with the same name
and ACL with the same name as well on your controller, otherwise your controller
will not be able to force the needed level of authorization.
In the following link , have a look on common DSCP values that are used:
make sure to have integer value for DSCP
------------------------------------------------------------------------------------------
Please make sure to flag this thread as answered
03-18-2013 07:17 PM
Hi Maldehne,
Thank you for the information, it is clear now to me on how to configure the Airespace VSA in ACS 5.3. We're not implementing ACL in our WLAN controller
Airespace-Wlan-Id -> Value is set to "0" since the WLC are set to 0 or default
Airespace-QOS-Level -> Value is set to "Silver" since it is the one that is configure in WLC
Airespace-Interface-Name -> Value is set to "management" as define in WLC
-> Below are the VSA that I've remove in my configuration in ACS 5.3 since it is not define in ou WLC, let me know if it is the right thing to do or there is a default value that I can configure.
Airespace-ACL-Name -> This is not define in our WLC
Airespace-DSCP -> This is not define in our WLC
Airespace-802.1p-Tag -> Remove and to have the system put-in the default value
Thanks,
Erwin
03-18-2013 11:41 PM
if you don't want to use certain attributes just remove them from the authorization profile.
--------------------------------------------------------------------------------------
Please make sure to rate correct answers
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide