cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1083
Views
0
Helpful
9
Replies
Beginner

RADIUS Vendor-Specific attribute

I'm using Cisco ACS 3.3 for RADIUS. How to do I make Vendor-Specific attribute available? (Attribute number 26, format: OctetString)

The online help makes reference to it, but does not tell you how to make it available.

9 REPLIES 9
Cisco Employee

Re: RADIUS Vendor-Specific attribute

Configure your NAS to authenticate using "Cisco IOS/PIX". By deafult, VSAs are visible for Groups. You need to enable this functionality if you need it on a per-user basis. This can be enabled under the "Interface Configuration" button in the UI.

Hope this helps.

Beginner

Re: RADIUS Vendor-Specific attribute

I've done this, but when I go to group configuration I see no attributes under this heading.

I'm using the 90 day trial version, but was under the assumption that it had full functionality.

Beginner

Re: RADIUS Vendor-Specific attribute

BUMP.

Anyone?

Beginner

Re: RADIUS Vendor-Specific attribute

Hi fellow,

what you need to apply vendor specific attribute (26)

is to create special .ini file for concrete vendor.

I have done this and it function well.

What I can recommend you is to look for folder

Utils under ACS folder where you installed it

default is Program files. To apply crieted .ini

file you must use utility CSUtil.exe with defined parameters.

rg

jl

Highlighted
Beginner

Re: RADIUS Vendor-Specific attribute

hi,

can you give the special .ini file examle?thks a lot!

Beginner

Re: RADIUS Vendor-Specific attribute

I've done this and there are no attributes listed under that heading even though I've enabled them in Interface Configuration. I get all the IETF attributes I have configured to display, and did the same with IOS/PIX attributes (what I want is cisco-avpair), buy still no attributes under the IOS/PIX heading.

I basically wan't to be able to authenticate users logging into switches via RADIUS.

I'm trying to implement "shell:priv-lvl=15" using IETF attribute 26. Any help/suggestions?

This is what it says on the Cisco ACS 3.3 help page when I'm in the IETF RADIUS attributes section:

The RADIUS IETF attributes are available for any AAA client configuration when using RADIUS. If you want to use IETF attribute #26, Vendor Specific Attribute (VSA), you must enable the applicable VSAs on other pages of the Interface Configuration section. Attributes for both RADIUS (IETF) and any enabled RADIUS VSAs appear in User Setup or Group Setup.

Doesn't make sense.

Beginner

Re: RADIUS Vendor-Specific attribute

BTW I'm using the Trial Version. Does anyone know if there are any limitations on this version?

Beginner

Re: RADIUS Vendor-Specific attribute

Hello guy,

as I set before what you need do is:

create .ini file and implement this file through

utility csutil.exe (it inside folder utility on your desktop) to ACS.

So after successful implementation

you have to check on Interface Configuration sheet concrete RADIUS vendor you created.

And inside Group setup sheet to configure this concrete shell parameter for your device.

And at the end assign concrete user to this group where you configured Radius shell parameter.

rg

jl

Beginner

Re: RADIUS Vendor-Specific attribute

hi,

can you give the special .ini file examle?thks a lot!