ACS 5.3 - custom attributes and wireless-groups

Unanswered Question
May 14th, 2012
User Badges:

Hi All

I have been tasked with migrating from ACS 4 to ACS 5.3

I havent had any training and so i am finding it a bit different.

Currently i have this issue -

I have a group in  the ACS 4 for users accessing via wireless on the ACS -

Its called Service Desk

It has the following ticked -

Wireless-WCS HTTP

Custom attributes

With the following attributes -



task0=Configure Guest Users

task1=Lobby Ambassador User Preferences

Would i perhaps have to create the above and reference them in a compound condition with a protocol of http ?

If that is correct where do i put in the custom attributes above

Thanks in advance for any help as this is nothing like 4.0


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
steve switzer Mon, 05/14/2012 - 08:13
User Badges:

I have created a shell Profile under policy elements –

Under the custom attributes i have put in the attributes under manually entered

With a common task default priv of 0 and no max privilege.

Under Access policies /default device admin/ authorization

Ihave made a new rule – with compound condition  -

Put the appropriate AD group in current condition

And NDG device is WLC with the shell profile above referenced.

Does that sound right ?


mauzamor Mon, 05/14/2012 - 09:18
User Badges:
  • Bronze, 100 points or more

Hi Steve,

It sounds right, here is a screenshot of how it looks on my ACS:

steve switzer Tue, 05/15/2012 - 01:08
User Badges:

Hi Maurizio

Can you send me that screenshot again please- cant see it.


From: mauzamor

Sent: 14 May 2012 17:19

To: Steve Switzer

Subject: - Re: ACS 5.3 - custom attributes and wireless-groups


Re: ACS 5.3 - custom attributes and wireless-groups

created by Mauricio Zamora in AAA, Identity and NAC - View the full discussion

steve switzer Fri, 05/18/2012 - 04:46
User Badges:


Heres a complete rundown of how i have guessed it maybe done -

Hi All

As previous posters may have noticed i have been given the task of moving the ACS

from 4.0 to 5.3 which turns out to be considerably different.

Sadly i have nothing to test with at the moment so am trying to work it out as best i can

before the abbreviated period of cutover begins.

I have a Service Desk group setting in 4.0

Under groups i have the group settings  and down the bottom i have the following -

(ticked )  Wireless-WCS HTTP

(ticked ) Custom Attributes

Then in the box -



task0=Configure Guest Users

task1=Lobby Ambassador User Preferences

Fine but that doesnt translate directly into any 5.3 settings.

I assume that i would do the following

In policy elements create a shell profile (Service Desk) with the following settings -

Privilege level 0

Custom attributes

Manually entered -   

attribute              requirement              Value

virtual-domain      mandatory               virtual-domain0=CRUK

role                    mandatory               role0=LobbyAmbassador

task0                 mandatory               task0=Configure Guest Users

task1                 mandatory               task1=Lobby Ambassador User Preferences

submit that and then go to  -

Access Policies/default device admin/Authorisation

Create a new Rule

Add  the correct AD group in compound condition AD-AD1   attribute ExternalGroups  value static

in NDG:Device Type -  reference the WLC (previously created as device type with ip address)

Then in Results reference the above shell profile - Service Desk.

Sorry about the longevity but if this looks ok or rubbish can someone let me know as i wont

have much time to get it working with the real wireless

Thanks in advance



This Discussion

Related Content