Can't create VSA Attributes in ACS 5.1

Answered Question

I have upgraded to ACS 5.1 inorder to use the RADIUS VSA feature that was added. I'm able to create the VSA Vendor object but get an error when creating the actual attributes. Therror states: This System Failure occured: {0}. Your changes have not been saved. Click OK to return to the list page. Does anyone else get this error?

Correct Answer by jrabinow about 7 years 1 month ago

The fix for this will be in patch 3 for ACS 5.1 scheduled to be available at the end of March


In addition there is a "pointed patch" that is available if you go through the support channels. Pointed patch is a temporary patch purely to fix this specific issue until such time when the formal patch is available and the pointed patch can be removed.

Correct Answer by jrabinow about 7 years 5 months ago

I went through an upgrade process on my system and am able to recreate your problem.

Problem occurs if you have the "Include attribute in log" check box selected.


As a work around can continue without the checkbox selected and should be able to add the attribute.

Impact of not selecting this is that the attribute will not appear in monitoring and troubleshooting logs but will not impact what is sent in RADIUS reponses.


I will sync up with the development team to see what can be done to resolve this

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
jrabinow Wed, 11/25/2009 - 03:48
User Badges:
  • Cisco Employee,

I can take a look at this. Can you please add some specifics of

name and ID of vendor you are trying to add, some

of the attributes and the browser you are using

Thank you. I'm running IE 8.0.7100.0 on Windows 7 and also got the error on Windows 2003 Server running IE 6.0.3790.3959. The VSA's I'm trying to create are for Aruba Wireless Networks with Vendor ID: 14823. Details below on the attributes I can't create:

  • Aruba-User-Role
    • ID: 1
    • Type: String
    • Direction: Out
    • Multiples: False
  • Aruba-Admin-Role
    • ID: 4
    • Type: String
    • Direction: Out
    • Multiples: False


Here's the error message...

Thank you for your assistance

jrabinow Wed, 11/25/2009 - 09:27
User Badges:
  • Cisco Employee,

ACS 5.1 does not support Internet Explorer 8; only 6 and 7 as well as Firefox 3.

I successfully created VSA for the vendor/attribue you gave on IE6 and Firefiox 3.


Can you try with a different browser

jrabinow Wed, 11/25/2009 - 12:38
User Badges:
  • Cisco Employee,

Mine is a clean installation. Version is 5.1.0.44 (

Internal Build ID : B.2347)


Although I can't recreate, I do have a couple more suggestions to try:

- Enter a Vendor name as a single word (no spaces or other characters)

- There are two ways to navigate to the attributes page


1) System Administration > ... > Configuration > Dictionaries > Protocols > RADIUS > RADIUS VSA and then select "Show Vendor Attributes"

2) Clicking on name of vendor in left nav and then pressing "Create"

Suggest to try both ways of adding an attribute

I have the same version but mine was an upgrade. I tried using just Aruba as the vendor  name and it is a no go. I have been all over looking for the "Show Vendor Attributes" selection but can't find it. The only way I have to create the attributes is to left click on the Vendor I created (on left pane) and then click Create on the bottom of the right pane. I'm I missing something?


******************************************************************

Cisco Application Deployment Engine OS Release: 1.2
ADE-OS Build Version: 1.2.0.146
ADE-OS System Architecture: i386


Cisco ACS VERSION INFORMATION
-----------------------------
Version : 5.1.0.44
Internal Build ID : B.2347

******************************************************************

jrabinow Wed, 11/25/2009 - 14:10
User Badges:
  • Cisco Employee,

You can get to "Show Vendor Attributes" as follows:

Go to '

System Administration > ... > Configuration > Dictionaries > Protocols > RADIUS > RADIUS VSA'

select the vendor you wish and the "Show Vendor Attributes" button

Based on what you have said so far I don't think this will help so maybe more for completeness

You can get more details on the system error by issuing the following command at the CLI:

show acs-logs filename ACSManagement.log | last 80

Correct Answer
jrabinow Wed, 11/25/2009 - 14:55
User Badges:
  • Cisco Employee,

I went through an upgrade process on my system and am able to recreate your problem.

Problem occurs if you have the "Include attribute in log" check box selected.


As a work around can continue without the checkbox selected and should be able to add the attribute.

Impact of not selecting this is that the attribute will not appear in monitoring and troubleshooting logs but will not impact what is sent in RADIUS reponses.


I will sync up with the development team to see what can be done to resolve this

I guess that is both bad and good news. Thank you for all the assistance in getting this problem addressed. I was able to generate the attributes as you suggested. As an FYI... I mis-typed one of the attributes and I'm not able to edit or delete the attribute. I was able to create a new attribute with the correct name but can't get rid of the incorrect entries. Please let me know when you get a response from the development team.


Thank for everything. This support experience as been more benefitial then I expected it to be. Great job to you and Cisco!

jrabinow Sat, 12/12/2009 - 21:44
User Badges:
  • Cisco Employee,

Fix for this is targetted for 2nd patch for ACS 5.1. Traget date is around end of January

Correct Answer
jrabinow Wed, 03/03/2010 - 02:05
User Badges:
  • Cisco Employee,

The fix for this will be in patch 3 for ACS 5.1 scheduled to be available at the end of March


In addition there is a "pointed patch" that is available if you go through the support channels. Pointed patch is a temporary patch purely to fix this specific issue until such time when the formal patch is available and the pointed patch can be removed.

jrabinow Sun, 05/30/2010 - 04:36
User Badges:
  • Cisco Employee,

Fix for this issue is ready and available on CCO and included in patch 5.1.0.44.3

The patch is included in all cumulative patches from version 5.1.0.44.3 and later.

We recommend that you download the latest cumulative patch.


Download from: CCO / Support / Download Software http://www.cisco.com/public/sw-center/index.shtml


Select: Security / Identity Management / Cisco Secure Access Control System / Cisco Secure Access Control System 5.1 / 5.1.0.44


Patch filename: 5-1-0-44-.tar.gpg


Readme and installaion instructions: Acs-5-1-0-44--Readme.html

Actions

This Discussion

Related Content