Cisco ACS 4.2 + radius + HP procurve switches

Answered Question
Jul 16th, 2008

Hello!

We have a mixed network environment with Cisco / HP equipment.

We are currently evaluating the Cisco ACS 4.2 to manage network access to the network equipment.

The Cisco equipment works great, but we are having problems with the ProCurve switches and RADIUS (TACACS works great).

I've googled around and it seems that you need to create new "vendor-specific attributes (VSAs)" for the ProCurve switches and edit the RADIUS IETF settings to suit the right variables that need to match the HP equipment.

Problem is that I cannot find this information anywhere online.

Has anyone else managed to solve this problem?

Would really appreciate the help!

Thanks

BR

Correct Answer
Jagdeep Gambhir Wed, 07/16/2008 - 08:40

Generally we need to upload the VSA to ACS. You need to get the ini file from HP. Once you have it, you need to create the VSA and upload it to ACS.

As we need to add a vendor-specific attribute into ACS, we first need to create a file "accountActions.csv" using the format specified in "RDBMS Synchronization Import Definition". Once we are ready with the file, we need to do an RDBMS Synchronization of the file of ACS SE, and then go to:

Reports and Activity > RDBMS Synchronization

and make sure that synchronization was successful without any error. Once this is done, we need to reboot the ACS SE, and then we can create a new AAA client and use the new RADIUS(xxxx), and the attributes that we have added can be made visible from:

Interface Configuration > and selecting the newly added VSA RADIUS attribute.

::RDBMS Synchronization::

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacsapp/csapp40/ugse40/sad.htm#wp756877

::RDBMS Synchronization Import Definition::

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacsapp/csapp40/ugse40/ag.htm

Regards,

~JG

azore2007 Wed, 07/16/2008 - 09:20

Thanks for the answer JG

I'll email HP's support and hopefully they can assist with this ini file

Thanks

alfadi.albaridi... Sat, 07/26/2008 - 00:55

1. Create an ASCII file on the Cisco ACS with a name, e.g. "HP_VSA.txt", with the following entries:

    [User Defined Vendor]
    Name=Hewlett-Packard
    IETF Code=11
    VSA 2=HP-Command-String
    VSA 3=HP-Command-Exception

    [HP-Command-String]
    Type=STRING
    Profile=IN OUT

    [HP-Command-Exception]
    Type=INTEGER
    Profile=IN OUT
    Enums=Permit-Deny

    [Permit-Deny]
    0=permit
    1=deny

2. Add the VSA to the Cisco ACS by executing the following:

    c:\....\CSUtil.exe -addUDV slot-number HP_VSA.txt

slot-number: try to put "5"

3. Go to IETF Radius Attributes:

Service-Type "Administrative" => privilege (manager) mode

Service-Type "NAS prompt" => login (operator) mode

Best of luck.

Alfadi Albaridi
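
To show what the definition file above means on the wire, here is an added example (not from any poster in this thread) that reads the same entries and encodes each attribute as a RADIUS Vendor-Specific attribute. It assumes the sub-attribute layout recommended in RFC 2865 section 5.26; the function names `load_dictionary` and `encode_vsa` are hypothetical, and the embedded file text is a constructed copy of the post's entries.

```python
import configparser
import struct

# Constructed copy of the definition file quoted in the post above.
HP_VSA_INI = """\
[User Defined Vendor]
Name=Hewlett-Packard
IETF Code=11
VSA 2=HP-Command-String
VSA 3=HP-Command-Exception
[HP-Command-String]
Type=STRING
Profile=IN OUT
[HP-Command-Exception]
Type=INTEGER
Profile=IN OUT
Enums=Permit-Deny
[Permit-Deny]
0=permit
1=deny
"""

def load_dictionary(text):
    """Return (vendor_id, {attribute: (vsa_number, type, {label: value})})."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key case ("IETF Code", "VSA 2")
    cp.read_string(text)
    vendor = cp["User Defined Vendor"]
    attrs = {}
    for key, name in vendor.items():
        if key.startswith("VSA "):
            sec = cp[name]  # KeyError here means a VSA line has no section
            enums = cp[sec["Enums"]] if "Enums" in sec else {}
            labels = {label: int(num) for num, label in enums.items()}
            attrs[name] = (int(key.split()[1]), sec["Type"], labels)
    return int(vendor["IETF Code"]), attrs

def encode_vsa(vendor_id, attrs, name, value):
    """Encode one Vendor-Specific attribute (type 26, RFC 2865 section 5.26)."""
    number, kind, labels = attrs[name]
    if kind == "INTEGER":  # enum label or raw number, sent as 32-bit big-endian
        data = struct.pack("!I", labels[value] if isinstance(value, str) else value)
    else:
        data = value.encode("ascii")
    if len(data) > 247:  # 255 minus 6-byte VSA header and 2-byte sub-header
        raise ValueError("value does not fit in one RADIUS attribute")
    sub = bytes([number, len(data) + 2]) + data  # vendor type, vendor length
    return bytes([26, len(sub) + 6]) + struct.pack("!I", vendor_id) + sub
```

Calling `encode_vsa(*load_dictionary(HP_VSA_INI), "HP-Command-Exception", "deny").hex()` returns `1a0c0000000b030600000001`: type 26, length 12, vendor 11, sub-attribute 3 with value 1. These are the bytes to look for in a packet capture when checking that the ACS is actually sending the attribute.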

pkaretnikov Tue, 01/11/2011 - 03:01

I know this post is old, but it was very useful in getting me pointed in the right direction. I wanted to give a cleaner example of step 2:

C:\Program Files (x86)\CiscoSecure ACS v4.2\bin>CSUtil.exe -addUDV 5 HP_VSA.txt
