Enabling VSA option 26 in ACS v4.1

Unanswered Question
Sep 11th, 2008

Hi,

I am not able to see option 26 (VSA) under Radius IETF.I can see the rest except for the VSA. I need to enable this as I am configuring non Cisco AAA client which is SonicWall 2040 Firewall.

Any Idea, pls advise.

Thank you

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Premdeep Banga Thu, 09/11/2008 - 04:19

You need to import the SonicWall Radius dictionary into ACS.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/user/A_CSUtil.html#wp365540

then create a AAA client using RADIUS (SonicWall).

then go to Interface Configuration, and make the Sonicwall attributes to appear under user/group configuration section.

This is how 26 is implement in ACS.

Regards,

Prem

Please rate if it helps!

ramarao Thu, 09/11/2008 - 04:57

Hi Prem,

Thanks for the update.

Is it the same procedure for ACS SE.

And, any chance for you to know how to import the radius dictionary. Is it imported directly from Sonicwall appliance.

Thank you

ramarao Thu, 09/11/2008 - 05:27

Hi Prem,

The process looks very confusing and not straight forward.

I have also checked the sonicwall site, there are another option which uses attribute 11 (filter-id) for radius authentication.

Not sure whether it will work with Cisco ACS, have you / anyone tried before.

And, are there any option in ACS where we can set the authentication to PAP

Thank you

ramarao Thu, 09/11/2008 - 06:30

Hi,

Can NAC Attribute Management adds the SonicWall VSA?

Thank you

Premdeep Banga Thu, 09/11/2008 - 07:07

Actually, till the point you dont want to use the VSA from SonicWall you can use RADIUS(IETF) and should be able to authenticate fine. PAP needs to be configured on Sonic Wall. ACS can authenticate PAP,CHAP,MSCHAP1/2

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/user/Overvw.html#wp857274

If you need assistance in creating accountsaction.csv for sonicwall, you can get some help from TAC, get the disctionary file from SonicWall and pass it over to TAC.

Regards,

Prem

Please rate if it helps!

Actions

This Discussion