cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1861
Views
0
Helpful
4
Replies

ACS 5.3 - custom attributes and wireless-groups

steve switzer
Level 1
Level 1

Hi All

I have been tasked with migrating from ACS 4 to ACS 5.3

I havent had any training and so i am finding it a bit different.

Currently i have this issue -

I have a group in  the ACS 4 for users accessing via wireless on the ACS -

Its called Service Desk

It has the following ticked -

Wireless-WCS HTTP

Custom attributes

With the following attributes -

virtual-domain0=CRUK

role0=LobbyAmbassador

task0=Configure Guest Users

task1=Lobby Ambassador User Preferences

Would i perhaps have to create the above and reference them in a compound condition with a protocol of http ?

If that is correct where do i put in the custom attributes above

Thanks in advance for any help as this is nothing like 4.0

Steve

4 Replies 4

steve switzer
Level 1
Level 1

I have created a shell Profile under policy elements –

Under the custom attributes i have put in the attributes under manually entered

With a common task default priv of 0 and no max privilege.

Under Access policies /default device admin/ authorization

Ihave made a new rule – with compound condition  -

Put the appropriate AD group in current condition

And NDG device is WLC with the shell profile above referenced.

Does that sound right ?

Steve

Hi Steve,

It sounds right, here is a screenshot of how it looks on my ACS:

Hi Maurizio

Can you send me that screenshot again please- cant see it.

Steve

From: mauzamor

Sent: 14 May 2012 17:19

To: Steve Switzer

Subject: - Re: ACS 5.3 - custom attributes and wireless-groups

Home<>

Re: ACS 5.3 - custom attributes and wireless-groups

created by Mauricio Zamora<> in AAA, Identity and NAC - View the full discussion<>

Hi

Heres a complete rundown of how i have guessed it maybe done -

Hi All

As previous posters may have noticed i have been given the task of moving the ACS

from 4.0 to 5.3 which turns out to be considerably different.

Sadly i have nothing to test with at the moment so am trying to work it out as best i can

before the abbreviated period of cutover begins.

I have a Service Desk group setting in 4.0

Under groups i have the group settings  and down the bottom i have the following -

(ticked )  Wireless-WCS HTTP

(ticked ) Custom Attributes

Then in the box -

virtual-domain0=CRUK

role0=LobbyAmbassador

task0=Configure Guest Users

task1=Lobby Ambassador User Preferences

Fine but that doesnt translate directly into any 5.3 settings.

I assume that i would do the following

In policy elements create a shell profile (Service Desk) with the following settings -

Privilege level 0

Custom attributes

Manually entered -   

attribute              requirement              Value

virtual-domain      mandatory               virtual-domain0=CRUK

role                    mandatory               role0=LobbyAmbassador

task0                 mandatory               task0=Configure Guest Users

task1                 mandatory               task1=Lobby Ambassador User Preferences

submit that and then go to  -

Access Policies/default device admin/Authorisation

Create a new Rule

Add  the correct AD group in compound condition AD-AD1   attribute ExternalGroups  value static

in NDG:Device Type -  reference the WLC (previously created as device type with ip address)

Then in Results reference the above shell profile - Service Desk.

Sorry about the longevity but if this looks ok or rubbish can someone let me know as i wont

have much time to get it working with the real wireless

Thanks in advance

Steve

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: