ACS and Brocade switch support!!!!

Answered Question
Jul 20th, 2009

Hi Experts,

I have two queries:-

1) Does the Brocade switch support ACS?

2) I am trying to configure a Brocade switch to get RADIUS authentication on an ACS server. But I get the user right and not an admin right.

Can you please tell me how I assign the admin right for the Brocade switch?

Thanks in advance.

Regards

Neha.

Jagdeep Gambhir Mon, 07/20/2009 - 08:40

Neha,

To make it work with ACS you need to upload Brocade VSA to ACS.

VSA- Vendor specific attribute.

Please ask Brocade support to provide the dictionary file. Once you have it, we need to upload it to ACS using RDBMS sync.

Regards,

~JG

Do rate helpful posts

nehakulsum Tue, 07/28/2009 - 23:37

Hi Jagdish,

I have updated the ACS server, and the file action.csv was imported to the ACS, but authentication with admin right still doesn't work.

I followed the correct method and change but still no luck... Kindly let me know what else we need to look at now?

Any help would be appreciated.

Thanks

neha

Jagdeep Gambhir Wed, 07/29/2009 - 00:17

Hi Neha,

Do you see the Brocade name listed in group setup? Make sure that the Brocade switch in network configuration is using the RADIUS (Brocade) protocol; only then will it work.

If it is configured well then we need to check if ACS is pushing the correct attributes required for admin access.

You can run debugs or a sniffer on the switch to know if ACS is sending the required attributes.

In case all required attributes are pushed then you need to check it with Brocade support.

Regards,

~JG

Do rate helpful posts

nehakulsum Wed, 07/29/2009 - 01:22

Hi Jagdish,

Thanks for the explanation.

Yes, I have selected the radius(Brocade) protocol. Furthermore, I ran a sniffer from src to destination and here is the result.

Sniffer trace shows as Radius Malformed Packet.

Exp of pkt flow:-

1) Src: 1.1.1.1 dst 2.2.2--> Radius access-request (1)

2) Src: 2.2.2.2 dst 1.1.1.1-> Radius access-Accept(2)[Malformed Packet]

If I further open this it says:

saw under AVP:

VSA: 1-65 t=unknonw-Attribute(1):

[Malformed Packet: RADIUS]

Any suggestions???

Regards

Neha.

nehakulsum Wed, 07/29/2009 - 06:27

Hi Jagdish,

I double-checked everything.

1) Selected radius brocade.

2) Syn properly.

But still the issue? Please suggest the next step???

Regards

Neha

Jagdeep Gambhir Thu, 07/30/2009 - 06:22

Neha,

Can you provide me the rds.log file? Need to check logs. Let me know if you don't know the location of rds log in acs.

Regards,

~JG

nehakulsum Thu, 07/30/2009 - 06:38

Hi Jagdish,

Thanks for looking into this, as this is very critical for me.

Ok I got to know the place to collect the rds.log? In the mean time can you please leave a note on what needs to be checked there ? As it might take some time to upload the file here.

Waiting for your update.

Regards

Neha.

Jagdeep Gambhir Thu, 07/30/2009 - 07:04

Hi,

Follow these instructions even if the ACS is already running in detailed logging mode. This will ensure that all the proper service startup information is included in the package.cab file.

System Configuration --> Service Control --> Level of detail - Full

At this point, we need to duplicate the issue.

Do whatever is causing the problem, or wait for the problem to occur again if it's not triggered by a direct sequence of events. Once that's done, we need to gather the verbose logs created. To do so, follow the instructions below AFTER the problem has been recreated and recorded:

System Configuration --> Support --> Enable generate logs and Collect last x day logs and Collect Log Files

Run Support Now. Please save this file and unzip it. You will see a file called rds.log

This file contains all of the log information from ACS.

Regards

nehakulsum Mon, 08/03/2009 - 11:01

Jagdish,

Can you please provide me update on this???

Regards

Neha.

Jagdeep Gambhir Tue, 08/04/2009 - 00:15

Neha,

RDS logs show the correct VSA. Can you provide me the sniffer trace? We need to make sure that the values are not truncated. If they are not, then we need to check it with Brocade support.

Regards,

nehakulsum Tue, 08/04/2009 - 03:24

Jag,

Kindly let me know what sniffer traces you require?

Regards,

Neha.

Jagdeep Gambhir Tue, 08/04/2009 - 05:44

You can sniff switch port or ACS interface using ethereal or wireshark.

I would like to see whole event when user tries to login to that switch.

Regards,

nehakulsum Tue, 08/04/2009 - 07:19

Jag,

Please find the trace attached.

Tried both with Admin and "admin":-

I see under Radius (Malformed packet:Radius) and below is the extract for admin:-

With small admin:

0000 00 05 1e 02 23 f0 00 1b 24 5e 67 4d 08 00 45 00 ....#... $^gM..E.
0010 00 3b 38 23 00 00 80 11 5a ab 0a 4b 49 a6 0a 4b .;8#.... Z..KI..K
0020 49 a8 06 6d 0b e4 00 27 a7 2a 02 3f 00 1f f8 7e I..m...' .*.?...~
0030 73 78 fb 12 bc 70 c2 eb 0c dc 76 33 43 5e 1a 0b sx...p.. ..v3C^..
0040 00 00 06 34 01 61 64 6d 69 ...4.adm i

Regards,

Neha.
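
Added example, not part of the original thread: the RADIUS payload from the trace above (frame offset 0x2a onward) run through a small Python parser that checks each Vendor-Specific attribute against the type/length/value sub-attribute layout recommended in RFC 2865 section 5.26. WELL_FORMED is a constructed packet for comparison, and the name parse_vsas is this example's own.

```python
import struct

# RADIUS payload (frame offset 0x2a onward) copied from the trace posted above.
ACCESS_ACCEPT = bytes.fromhex(
    "023f001f"                          # code 2 (Access-Accept), id 0x3f, length 31
    "f87e7378fb12bc70c2eb0cdc7633435e"  # 16-byte authenticator
    "1a0b00000634"                      # type 26, length 11, vendor ID 1588
    "0161646d69")                       # vendor data: 01 'a' 'd' 'm' 'i'

# Constructed for comparison (not from the thread): the same VSA carrying a
# vendor-length byte (7) and the full value "admin"; authenticator zeroed.
WELL_FORMED = bytes.fromhex(
    "023f0021" + "00" * 16 + "1a0d00000634" + "010761646d696e")


def parse_vsas(packet):
    """Return [(vendor_id, [(vendor_type, value)], [problems])], one per VSA."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError("RADIUS length field does not match payload size")
    results, pos = [], 20               # attributes follow the header
    while pos < length:
        a_len = packet[pos + 1] if pos + 1 < length else 0
        if a_len < 2 or pos + a_len > length:
            raise ValueError(f"attribute at offset {pos} overruns the packet")
        a_type, body = packet[pos], packet[pos + 2:pos + a_len]
        pos += a_len
        if a_type != 26:                # only Vendor-Specific is examined
            continue
        if len(body) < 4:
            results.append((None, [], ["VSA too short for a vendor ID"]))
            continue
        vendor_id, data = int.from_bytes(body[:4], "big"), body[4:]
        subs, problems, i = [], [], 0
        while i < len(data):
            # Convention: vendor-length counts the type and length bytes too.
            v_type = data[i]
            v_len = data[i + 1] if i + 1 < len(data) else 0
            if v_len < 2 or i + v_len > len(data):
                problems.append(f"vendor-type {v_type}: vendor-length {v_len} "
                                f"but only {len(data) - i} bytes remain")
                break
            subs.append((v_type, data[i + 2:i + v_len]))
            i += v_len
        results.append((vendor_id, subs, problems))
    return results
```

On the posted bytes the byte after vendor-type 1 is 0x61, the first character of the value, so it is read as a vendor-length of 97 and the attribute is flagged, which is consistent with the Malformed Packet result in the sniffer trace.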

nehakulsum Thu, 08/06/2009 - 07:52

Jag,

Thanks for all your support on this. You have been very helpful and I heartily appreciate it.

I will go ahead and upgrade to 4.2 and apply the patch.

Last but not least:-

Can you tell me the steps in order to remove the VSA? ACS is on a Cisco appliance...

I know the procedure for ACS on windows.

Regards,

Neha.

Correct Answer
Jagdeep Gambhir Fri, 08/07/2009 - 01:18

Configure ACS Appliance to Import Your CSV

A. Go to Interface Configuration > Advanced Options

B. Place a check in RDBMS Synchronization and click Submit

C. Go to System Configuration > RDBMS Synchronization

D. Enter the name of the CSV in the Actions File field

E. Enter the FTP server IP, the directory where the CSV resides on the FTP server, and the username and password for ACS to use to access the FTP server in the appropriate fields

F. Choose Manual synchronization

G. Make sure your server is listed in the Synchronize column of the Synchronization Partners section and click Submit

H. Go back into RDBMS Synchronization and click Synchronize Now and the updates should take place.

nehakulsum Tue, 08/11/2009 - 06:09

Hi Jagdish,

It works now. Thanks a ton for your support. I heartily appreciate the way you have supported me on this case. You are a champ on ACS and you deserve it as well.

Believe me I am really happy that my problem is resolved now with all your help on this.

Again I thank you for the support. God bless you.

Regards,

Neha.
