I'm using Cisco ACS 3.3 for RADIUS. How to do I make Vendor-Specific attribute available? (Attribute number 26, format: OctetString)
The online help makes reference to it, but does not tell you how to make it available.
Configure your NAS to authenticate using "Cisco IOS/PIX". By deafult, VSAs are visible for Groups. You need to enable this functionality if you need it on a per-user basis. This can be enabled under the "Interface Configuration" button in the UI.
Hope this helps.
I've done this, but when I go to group configuration I see no attributes under this heading.
I'm using the 90 day trial version, but was under the assumption that it had full functionality.
what you need to apply vendor specific attribute (26)
is to create special .ini file for concrete vendor.
I have done this and it function well.
What I can recommend you is to look for folder
Utils under ACS folder where you installed it
default is Program files. To apply crieted .ini
file you must use utility CSUtil.exe with defined parameters.
I've done this and there are no attributes listed under that heading even though I've enabled them in Interface Configuration. I get all the IETF attributes I have configured to display, and did the same with IOS/PIX attributes (what I want is cisco-avpair), buy still no attributes under the IOS/PIX heading.
I basically wan't to be able to authenticate users logging into switches via RADIUS.
I'm trying to implement "shell:priv-lvl=15" using IETF attribute 26. Any help/suggestions?
This is what it says on the Cisco ACS 3.3 help page when I'm in the IETF RADIUS attributes section:
The RADIUS IETF attributes are available for any AAA client configuration when using RADIUS. If you want to use IETF attribute #26, Vendor Specific Attribute (VSA), you must enable the applicable VSAs on other pages of the Interface Configuration section. Attributes for both RADIUS (IETF) and any enabled RADIUS VSAs appear in User Setup or Group Setup.
Doesn't make sense.
as I set before what you need do is:
create .ini file and implement this file through
utility csutil.exe (it inside folder utility on your desktop) to ACS.
So after successful implementation
you have to check on Interface Configuration sheet concrete RADIUS vendor you created.
And inside Group setup sheet to configure this concrete shell parameter for your device.
And at the end assign concrete user to this group where you configured Radius shell parameter.