ACS 3.3 Send Radius Attribute 135 & 136

Unanswered Question
Jun 26th, 2007
User Badges:

Hi


I need an ACS box to return IETF RADIUS attributes 135 & 136 to a NAS for the assignment of DNS servers to clients.


The ACS 3.3 user guide lists these as supported IETF RADIUS Attributes however they don't seem to be available under Interface Configuration--> Radius IETF.


Would anyone know how I can enable these ?


Thanks


Leon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.7 (3 ratings)
Loading.
Premdeep Banga Tue, 06/26/2007 - 12:50
User Badges:
  • Gold, 750 points or more

Hi,


The NAS client (AAA Client) that you have defined on ACS, configure it as Authenticate using RADIUS(Ascend).


And then go to Interface Configuration > Radius(Ascend) and check,


[135] Ascend-Client-Primary-DNS,

[136] Ascend-Client-Secondary-DNS


then configure them under Group, and see if that works.


Regards,

Prem

Premdeep Banga Tue, 06/26/2007 - 12:53
User Badges:
  • Gold, 750 points or more

Hi,


You can also specify,


Radius cisco-av pair as[Radius(IOS/PIX)],


ip:dns-servers=x.x.x.x y.y.y.y


Regards,

Prem

lmslattery Tue, 06/26/2007 - 13:13
User Badges:

Hi Prem


Thanks for you suggestions.


Attributes 135 & 136 don't appear under Acend either unfortunatly.


I have specified the ip:dns-servers AV Pair as you suggested and will see how that goes.


Thanks


Leon

Premdeep Banga Tue, 06/26/2007 - 13:23
User Badges:
  • Gold, 750 points or more

Thats strange Leon,


Because I can see it on ACS 3.3.3. See the screen shots.


Try to restart the CSAdmin service.


Regards,

Prem



Attachment: 
lmslattery Tue, 06/26/2007 - 13:50
User Badges:

Hi Prem


I see what you mean from the Screenshot.


I definatly don't have half the attributes listed that you have.


I'm workinh with an ACS Solution engine appliance if that makes any difference ?


I have restarted it's services.


Regards


Leon

Premdeep Banga Tue, 06/26/2007 - 15:23
User Badges:
  • Gold, 750 points or more

Hi Leon,


That is quite strange. You should have those attributes.


As you mentioned you have ACS SE, if you could console into it. Issue command,


stop csadmin

start csadmin


Or rebooting ACS SE will re-start the CSAdmin server.


If you are restarting services from, System Configuration > Service Control, then that wont restart the CSAdmin service.


Give that a try.


Regards,

Prem

Actions

This Discussion