05-05-2008 12:22 PM - edited 03-10-2019 03:49 PM
Has anyone configured their APC UPS network managment cards to authenticate to ACS. The cards support radius, and I have that working, but the user only works as read only. How can I get them to work at at admin level ? I am not sure how to pass the attibutes back to the UPS.
Thanks for any tips.
Randy
Solved! Go to Solution.
12-08-2011 02:30 PM
FYI
I setup the same configuration in ACS 5.1 with the VSA attributes stated, with no problems. See inserted image for details.
05-06-2008 05:10 AM
Randy,
It works , no issues at all. In order to get all the options on the APC cards, you need to integrate the .ini file provided by the vendor.
With that INI we will upload APC radius attributes in acs.
Regards,
~JG
Do rate helpful posts
03-28-2017 12:32 PM
I realize that this is a VERY old thread... but... I figured I'd give it a shot.
Has anyone successfully configured an APC UPS network management cards to authenticate in ISE 2.1? I have them authenticating properly in ACS 5.x, so I know the "basics" of setting up the dictionary and believe that I have the "radius vendors" setup correctly. However I'm missing the "policy sets". Similar to the start of this thread, my current ISE setup has all users logging in as "read only".
If so, any setup guides? Thanks...
05-04-2017 05:14 PM
I am on 2.2 and have the same question.
05-06-2008 05:14 AM
You need to return some APC Vendor Specific Attributes. These will not be defined in ACS so you'll need to add them. This process is documented in the ACS User Guide - basically you create a .ini file with the VSA info and load it with csutil or rdbms sync.
APCs vendor id is 318. You need to add a single integer attribute "APC-Service-Type" (id #1) which can take the following values:
1 adminsitrator
2 device-manager
3 read-only users
Good luck
Darran
05-08-2008 09:32 AM
Guys,
Sorry I forgot to post that I had it working. It was easier than I thought because all I needed to do was add Radius IETF option #6 and select "administrative".
I did see the APC info regarding VSA's, but I did not know how you input that data. I will have to look into the csutil and rdmns sync utilities since I am new to ACS.
thanks,
Randy
12-08-2011 02:30 PM
FYI
I setup the same configuration in ACS 5.1 with the VSA attributes stated, with no problems. See inserted image for details.
06-05-2008 04:03 PM
Save the following into an ini file and use the CS Utils feature to import the UDF / VSA
Don't include the lines "====" bits!
You can rename the Admin/Device/ReadOnly to what ever you like as the interger value is what is important, the name is only used byt the ACS interface for displaying the options in the HTML.
=====================================
[User Defined Vendor]
Name=APC Devices
IETF Code=318
VSA 1=APC-Service-Type
[APC-Service-Type]
Type=INTEGER
Profile=OUT
Enums=APC-Auth-Type
[APC-Auth-Type]
1=Admin
2=Device
3=ReadOnly
=====================================
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: