Cisco Secure Access Control Server for Unix

Configuring Vendor Specific Attributes in Cisco Secure ACS for UNIX

Document ID: 46742

Updated: May 14, 2009



This document provides instruction for configuring Vendor Specific Attributes (VSAs) in Cisco Secure ACS for UNIX. By default, Cisco Secure ACS for UNIX supports attributes for Cisco IOS® Software Release 11.1, 11.2, 11.3, Ascend-RADIUS, Ascend5-RADIUS, and IETF-RADIUS (the set of RADIUS attribute-value pairs defined by the International Engineering Task Force [IETF] If you require attributes for other vendors, create the new dictionary manually using this procedure.



Before attempting this configuration, please ensure that you meet these prerequisites:

Components Used

The information in this document is based on this software version:

  • Cisco Secure ACS for UNIX version 2.3(6).

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.


For more information on document conventions, see the Cisco Technical Tips Conventions.

Add a Custom Dictionary and Configure Attributes


In this example, Nortel VSAs are added. Attributes for any vendor can be added in the same way. Follow these instructions:

  1. Log into the server GUI by browsing to http://<server_name_or_ip_address>/cs.

  2. Click on Advanced to go to the Cisco Secure Advanced Configurator.

  3. At the Advanced screen, click Advanced again to launch the Advanced Java Applet.

  4. Click on the Dictionaries tab.


  5. By default, the Nortel dictionary file is not included so it needs to be manually added. Highlight the IETF dictionary file and click Copy.


  6. Name the new dictionary file. For example, "Bay1".


  7. The new dictionary file should be highlighted. If not, click on it to highlight and then click Edit.


  8. In the bottom right-hand corner, click the button labeled Vendor=..., change the value to 1584 (this is the Nortel Vendor ID), and then click OK.


  9. Click New to add the VSA .


  10. Referring to the Nortel Dictionary of RADIUS VSAs section of RADIUS Attributes, add the first VSA for "Bay-Local-IP-Address", VSA 035 by typing 035 in the box and clicking OK.


  11. When you return to the main screen, you will notice that the bottom section is now editable. Click the Non Vendor drop-down list and change this to Vendor Specific (refer to the picture in step 14).

  12. Click on the Empty box and add Bay-Local-IP-Address (refer to the picture in step 14).

  13. Change the drop-down box that says 'string' to read 'ipaddr' (refer to the picture in step 14).

  14. Click the green check box next to this drop-down list.


  15. This VSA now appears in the list of IDs.


  16. To add further attributes, follow steps 10 through 15.

  17. Once all of the VSAs have been entered, click Save.

  18. You can now logoff.


There is currently no verification procedure available for this configuration.


There is currently no specific troubleshooting information available for this configuration.

Related Information

Updated: May 14, 2009
Document ID: 46742