ā05-14-2012 04:49 AM - edited ā03-10-2019 07:05 PM
Hi All
I have been tasked with migrating from ACS 4 to ACS 5.3
I havent had any training and so i am finding it a bit different.
Currently i have this issue -
I have a group in the ACS 4 for users accessing via wireless on the ACS -
Its called Service Desk
It has the following ticked -
Wireless-WCS HTTP
Custom attributes
With the following attributes -
virtual-domain0=CRUK
role0=LobbyAmbassador
task0=Configure Guest Users
task1=Lobby Ambassador User Preferences
Would i perhaps have to create the above and reference them in a compound condition with a protocol of http ?
If that is correct where do i put in the custom attributes above
Thanks in advance for any help as this is nothing like 4.0
Steve
ā05-14-2012 08:13 AM
I have created a shell Profile under policy elements ā
Under the custom attributes i have put in the attributes under manually entered
With a common task default priv of 0 and no max privilege.
Under Access policies /default device admin/ authorization
Ihave made a new rule ā with compound condition -
Put the appropriate AD group in current condition
And NDG device is WLC with the shell profile above referenced.
Does that sound right ?
Steve
ā05-14-2012 09:18 AM
Hi Steve,
It sounds right, here is a screenshot of how it looks on my ACS:
ā05-15-2012 01:08 AM
Hi Maurizio
Can you send me that screenshot again please- cant see it.
Steve
Sent: 14 May 2012 17:19
To: Steve Switzer
Subject: - Re: ACS 5.3 - custom attributes and wireless-groups
Home<>>
Re: ACS 5.3 - custom attributes and wireless-groups
created by Mauricio Zamora<> in AAA, Identity and NAC - View the full discussion<>>>
ā05-18-2012 04:46 AM
Hi
Heres a complete rundown of how i have guessed it maybe done -
Hi All
As previous posters may have noticed i have been given the task of moving the ACS
from 4.0 to 5.3 which turns out to be considerably different.
Sadly i have nothing to test with at the moment so am trying to work it out as best i can
before the abbreviated period of cutover begins.
I have a Service Desk group setting in 4.0
Under groups i have the group settings and down the bottom i have the following -
(ticked ) Wireless-WCS HTTP
(ticked ) Custom Attributes
Then in the box -
virtual-domain0=CRUK
role0=LobbyAmbassador
task0=Configure Guest Users
task1=Lobby Ambassador User Preferences
Fine but that doesnt translate directly into any 5.3 settings.
I assume that i would do the following
In policy elements create a shell profile (Service Desk) with the following settings -
Privilege level 0
Custom attributes
Manually entered -
attribute requirement Value
virtual-domain mandatory virtual-domain0=CRUK
role mandatory role0=LobbyAmbassador
task0 mandatory task0=Configure Guest Users
task1 mandatory task1=Lobby Ambassador User Preferences
submit that and then go to -
Access Policies/default device admin/Authorisation
Create a new Rule
Add the correct AD group in compound condition AD-AD1 attribute ExternalGroups value static
in NDG:Device Type - reference the WLC (previously created as device type with ip address)
Then in Results reference the above shell profile - Service Desk.
Sorry about the longevity but if this looks ok or rubbish can someone let me know as i wont
have much time to get it working with the real wireless
Thanks in advance
Steve
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: