ā05-14-2012 04:49 AM - edited ā03-10-2019 07:05 PM
Hi All
I have been tasked with migrating from ACS 4 to ACS 5.3
I havent had any training and so i am finding it a bit different.
Currently i have this issue -
I have a group in the ACS 4 for users accessing via wireless on the ACS -
Its called Service Desk
It has the following ticked -
Wireless-WCS HTTP
Custom attributes
With the following attributes -
virtual-domain0=CRUK
role0=LobbyAmbassador
task0=Configure Guest Users
task1=Lobby Ambassador User Preferences
Would i perhaps have to create the above and reference them in a compound condition with a protocol of http ?
If that is correct where do i put in the custom attributes above
Thanks in advance for any help as this is nothing like 4.0
Steve
ā05-14-2012 08:13 AM
I have created a shell Profile under policy elements ā
Under the custom attributes i have put in the attributes under manually entered
With a common task default priv of 0 and no max privilege.
Under Access policies /default device admin/ authorization
Ihave made a new rule ā with compound condition -
Put the appropriate AD group in current condition
And NDG device is WLC with the shell profile above referenced.
Does that sound right ?
Steve
ā05-14-2012 09:18 AM
Hi Steve,
It sounds right, here is a screenshot of how it looks on my ACS:
ā05-15-2012 01:08 AM
Hi Maurizio
Can you send me that screenshot again please- cant see it.
Steve
Sent: 14 May 2012 17:19
To: Steve Switzer
Subject: - Re: ACS 5.3 - custom attributes and wireless-groups
Home<>>
Re: ACS 5.3 - custom attributes and wireless-groups
created by Mauricio Zamora<> in AAA, Identity and NAC - View the full discussion<>>>
ā05-18-2012 04:46 AM
Hi
Heres a complete rundown of how i have guessed it maybe done -
Hi All
As previous posters may have noticed i have been given the task of moving the ACS
from 4.0 to 5.3 which turns out to be considerably different.
Sadly i have nothing to test with at the moment so am trying to work it out as best i can
before the abbreviated period of cutover begins.
I have a Service Desk group setting in 4.0
Under groups i have the group settings and down the bottom i have the following -
(ticked ) Wireless-WCS HTTP
(ticked ) Custom Attributes
Then in the box -
virtual-domain0=CRUK
role0=LobbyAmbassador
task0=Configure Guest Users
task1=Lobby Ambassador User Preferences
Fine but that doesnt translate directly into any 5.3 settings.
I assume that i would do the following
In policy elements create a shell profile (Service Desk) with the following settings -
Privilege level 0
Custom attributes
Manually entered -
attribute requirement Value
virtual-domain mandatory virtual-domain0=CRUK
role mandatory role0=LobbyAmbassador
task0 mandatory task0=Configure Guest Users
task1 mandatory task1=Lobby Ambassador User Preferences
submit that and then go to -
Access Policies/default device admin/Authorisation
Create a new Rule
Add the correct AD group in compound condition AD-AD1 attribute ExternalGroups value static
in NDG:Device Type - reference the WLC (previously created as device type with ip address)
Then in Results reference the above shell profile - Service Desk.
Sorry about the longevity but if this looks ok or rubbish can someone let me know as i wont
have much time to get it working with the real wireless
Thanks in advance
Steve
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide