International Engineering Task Force [IETF] leavingcisco.com). If you require attributes for other vendors,create the new dictionary manually using this procedure." /> International Engineering Task Force [IETF] leavingcisco.com). If you require attributes for other vendors,create the new dictionary manually using this procedure." />
Guest

Cisco Secure Access Control Server for Unix

Configuring Vendor Specific Attributes in Cisco Secure ACS for UNIX

Cisco - Configuring Vendor Specific Attributes in Cisco Secure ACS for UNIX

Document ID: 46742

Updated: May 14, 2009

   Print

Introduction

This document provides instruction for configuring Vendor Specific Attributes (VSAs) in Cisco Secure ACS for UNIX. By default, Cisco Secure ACS for UNIX supports attributes for Cisco IOS® Software Release 11.1, 11.2, 11.3, Ascend-RADIUS, Ascend5-RADIUS, and IETF-RADIUS (the set of RADIUS attribute-value pairs defined by the International Engineering Task Force [IETF] leavingcisco.com). If you require attributes for other vendors, create the new dictionary manually using this procedure.

Prerequisites

Requirements

Before attempting this configuration, please ensure that you meet these prerequisites:

Components Used

The information in this document is based on this software version:

  • Cisco Secure ACS for UNIX version 2.3(6).

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

For more information on document conventions, see the Cisco Technical Tips Conventions.

Add a Custom Dictionary and Configure Attributes

VSAs

In this example, Nortel VSAs are added. Attributes for any vendor can be added in the same way. Follow these instructions:

  1. Log into the server GUI by browsing to http://<server_name_or_ip_address>/cs.

  2. Click on Advanced to go to the Cisco Secure Advanced Configurator.

  3. At the Advanced screen, click Advanced again to launch the Advanced Java Applet.

  4. Click on the Dictionaries tab.

    csu-vsa-1.gif

  5. By default, the Nortel dictionary file is not included so it needs to be manually added. Highlight the IETF dictionary file and click Copy.

    csu-vsa-2.gif

  6. Name the new dictionary file. For example, "Bay1".

    csu-vsa-3.gif

  7. The new dictionary file should be highlighted. If not, click on it to highlight and then click Edit.

    csu-vsa-4.gif

  8. In the bottom right-hand corner, click the button labeled Vendor=..., change the value to 1584 (this is the Nortel Vendor ID), and then click OK.

    csu-vsa-5.gif

  9. Click New to add the VSA .

    csu-vsa-6.gif

  10. Referring to the Nortel Dictionary of RADIUS VSAs section of RADIUS Attributes, add the first VSA for "Bay-Local-IP-Address", VSA 035 by typing 035 in the box and clicking OK.

    csu-vsa-7.gif

  11. When you return to the main screen, you will notice that the bottom section is now editable. Click the Non Vendor drop-down list and change this to Vendor Specific (refer to the picture in step 14).

  12. Click on the Empty box and add Bay-Local-IP-Address (refer to the picture in step 14).

  13. Change the drop-down box that says 'string' to read 'ipaddr' (refer to the picture in step 14).

  14. Click the green check box next to this drop-down list.

    csu-vsa-8.gif

  15. This VSA now appears in the list of IDs.

    csu-vsa-9.gif

  16. To add further attributes, follow steps 10 through 15.

  17. Once all of the VSAs have been entered, click Save.

  18. You can now logoff.

Verify

There is currently no verification procedure available for this configuration.

Troubleshoot

There is currently no specific troubleshooting information available for this configuration.

Related Information

Updated: May 14, 2009
Document ID: 46742