This document provides instruction for configuring Vendor Specific
Attributes (VSAs) in Cisco Secure ACS for UNIX. By default, Cisco Secure ACS
for UNIX supports attributes for Cisco IOS® Software Release 11.1, 11.2, 11.3,
Ascend-RADIUS, Ascend5-RADIUS, and IETF-RADIUS (the set of RADIUS
attribute-value pairs defined by the
International Engineering Task
). If you require attributes for other vendors, create the
new dictionary manually using this procedure.
Before attempting this configuration, please ensure that you meet these
The information in this document is based on this software version:
The information in this document was created from the devices in a
specific lab environment. All of the devices used in this document started with
a cleared (default) configuration. If your network is live, make sure that you
understand the potential impact of any command.
For more information on document conventions, see the
Cisco Technical Tips
In this example, Nortel VSAs are added. Attributes for any vendor can
be added in the same way. Follow these instructions:
Log into the server GUI by browsing to
Click on Advanced to go to the Cisco Secure
At the Advanced screen, click Advanced again to
launch the Advanced Java Applet.
Click on the Dictionaries tab.
By default, the Nortel dictionary file is not included so it needs
to be manually added. Highlight the IETF dictionary file and
Name the new dictionary file. For example, "Bay1".
The new dictionary file should be highlighted. If not, click on it
to highlight and then click Edit.
In the bottom right-hand corner, click the button labeled
Vendor=..., change the value to 1584 (this is
the Nortel Vendor ID), and then click OK.
Click New to add the VSA .
Referring to the Nortel Dictionary of RADIUS
VSAs section of
Attributes, add the first VSA for "Bay-Local-IP-Address", VSA 035 by
typing 035 in the box and clicking OK.
When you return to the main screen, you will notice that the bottom
section is now editable. Click the Non Vendor drop-down list
and change this to Vendor Specific (refer to the picture in
Click on the Empty box and add
Bay-Local-IP-Address (refer to the picture in step 14).
Change the drop-down box that says 'string' to read 'ipaddr' (refer
to the picture in step 14).
Click the green check box next to this drop-down
This VSA now appears in the list of IDs.
To add further attributes, follow steps 10 through 15.
Once all of the VSAs have been entered, click
You can now logoff.
There is currently no verification procedure available for this
There is currently no specific troubleshooting information available
for this configuration.