Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1994
Views
0
Helpful
3
Replies

Integrate WSA 7.5 with ACS 5.2

hector.ricapa
Level 1
Level 1

‎10-02-2012 01:16 PM

Hello All,

I would like to assign Roles to users using external authentication via Radius (ACS 5.2). The Ironport user guide documentation saids that I have to map a Radius Class to a Role, but I dont know what attribute to add or modify in ACS 5.2 in order to make it work.

Thanks in advance.

Labels:
0 Helpful
3 Replies 3

Erik Kaiser
Cisco Employee
Cisco Employee

‎10-02-2012 10:09 PM

Hi Hector,

I will have to investiate this further to provide you with an answer.

Sincerely,

Erik Kaiser
WSA CSE
WSA Cisco Forums Moderator

Sincerely, Erik Kaiser WSA CSE WSA Cisco Forums Moderator
0 Helpful

hector.ricapa
Level 1
Level 1
In response to Erik Kaiser

‎10-03-2012 09:10 AM

OK Erik, thanks a lot.

0 Helpful

Ahmad Murad
Level 1
Level 1

‎10-07-2012 08:12 AM

Hello Hector,

You need to use Radius Class 25 Attributes to map the username to the role you need.

I have tested it and it is working fine.

On the ACS, you need add the WSA as AAA Radius client and then create an authorization profile and on Radius Attributes, you need to create attributes with Value "username" will be used to login.

Also you need to complete the policy element configuration for the WSA.

On the WSA, you need to configure it like the following:

On the Group-Mapping, the RADIUS CLASS attribute is the same as "username" configured on the ACS with the Class 25 attributes.

Ex: "test", or "cisco" and then map it to the role (Administrator, Operator, ....)

Then login to the device using the username/password. If you need to check that it is working, try the Guest role for testing purposes, the Reporting page will appear only with this role.

If you have any question, let me know.

Thanks.

Ahmad.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents