ACS and APC UPS - radius authentication

Endorsed Question
May 5th, 2008
User Badges:

Has anyone configured their APC UPS network managment cards to authenticate to ACS. The cards support radius, and I have that working, but the user only works as read only. How can I get them to work at at admin level ? I am not sure how to pass the attibutes back to the UPS.


Thanks for any tips.

Randy


Cisco Endorsed by Ernst Von Ibsch
Nathan Eger about 5 years 3 months ago

FYI


I setup the same configuration in ACS 5.1 with the VSA attributes stated, with no problems. See inserted image for details.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.8 (3 ratings)
Loading.
Jagdeep Gambhir Tue, 05/06/2008 - 05:10
User Badges:
  • Red, 2250 points or more

Randy,

It works , no issues at all. In order to get all the options on the APC cards, you need to integrate the .ini file provided by the vendor.


With that INI we will upload APC radius attributes in acs.



Regards,

~JG


Do rate helpful posts

john.holt Tue, 03/28/2017 - 12:32
User Badges:

I realize that this is a VERY old thread... but... I figured I'd give it a shot.

Has anyone successfully configured an APC UPS network management cards to authenticate in ISE 2.1?  I have them authenticating properly in ACS 5.x, so I know the "basics" of setting up the dictionary and believe that I have the "radius vendors" setup correctly.  However I'm missing the "policy sets".  Similar to the start of this thread, my current ISE setup has all users logging in as "read only".

If so, any setup guides?  Thanks...

darpotter Tue, 05/06/2008 - 05:14
User Badges:
  • Silver, 250 points or more

You need to return some APC Vendor Specific Attributes. These will not be defined in ACS so you'll need to add them. This process is documented in the ACS User Guide - basically you create a .ini file with the VSA info and load it with csutil or rdbms sync.


APCs vendor id is 318. You need to add a single integer attribute "APC-Service-Type" (id #1) which can take the following values:


1 adminsitrator

2 device-manager

3 read-only users



Good luck

Darran


rduke Thu, 05/08/2008 - 09:32
User Badges:

Guys,

Sorry I forgot to post that I had it working. It was easier than I thought because all I needed to do was add Radius IETF option #6 and select "administrative".


I did see the APC info regarding VSA's, but I did not know how you input that data. I will have to look into the csutil and rdmns sync utilities since I am new to ACS.


thanks,

Randy

Nathan Eger Thu, 12/08/2011 - 14:30
User Badges:

FYI


I setup the same configuration in ACS 5.1 with the VSA attributes stated, with no problems. See inserted image for details.


CSCO10973017 Thu, 06/05/2008 - 16:03
User Badges:

Save the following into an ini file and use the CS Utils feature to import the UDF / VSA


Don't include the lines "====" bits!

You can rename the Admin/Device/ReadOnly to what ever you like as the interger value is what is important, the name is only used byt the ACS interface for displaying the options in the HTML.


=====================================

[User Defined Vendor]


Name=APC Devices

IETF Code=318


VSA 1=APC-Service-Type


[APC-Service-Type]

Type=INTEGER

Profile=OUT

Enums=APC-Auth-Type


[APC-Auth-Type]

1=Admin

2=Device

3=ReadOnly

=====================================

Actions

This Discussion