Acs 5.3 - wireless conversion from 4.0

Unanswered Question
May 18th, 2012
User Badges:

Hi All

As previous posters may have noticed i have been given the task of moving the ACS

from 4.0 to 5.3 which turns out to be considerably different.

Sadly i have nothing to test with at the moment so am trying to work it out as best i can

before the abbreviated period of cutover begins.

I have a Service Desk group setting in 4.0

Under groups i have the group settings  and down the bottom i have the following -

(ticked )  Wireless-WCS HTTP

(ticked ) Custom Attributes

Then in the box -



task0=Configure Guest Users

task1=Lobby Ambassador User Preferences

Fine but that doesnt translate directly into any 5.3 settings.

I assume that i would do the following

In policy elements create a shell profile (Service Desk) with the following settings -

Privilege level 0

Custom attributes

Manually entered -   

attribute              requirement              Value

virtual-domain      mandatory               virtual-domain0=CRUK

role                    mandatory               role0=LobbyAmbassador

task0                 mandatory               task0=Configure Guest Users

task1                 mandatory               task1=Lobby Ambassador User Preferences

submit that and then go to  -

Access Policies/default device admin/Authorisation

Create a new Rule

Add  the correct AD group in compound condition AD-AD1   attribute ExternalGroups  value static

in NDG:Device Type -  reference the WLC (previously created as device type with ip address)

Then in Results reference the above shell profile - Service Desk.

Sorry about the longevity but if this looks ok or rubbish can someone let me know as i wont

have much time to get it working with the real wireless

Thanks in advance


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
mansrini Mon, 05/21/2012 - 21:39
User Badges:
  • Cisco Employee,


The process is correct.. However Iam pointing out the following mistakes

It should not be

virtual-domain      mandatory               virtual-domain0=CRUK

rather it should be

virtual-domain0      mandatory               CRUK

In 4.x , virtual-domain0=CRUK means virtual-domain0 is the attribute and CRUK is the value.. Pls follow the same for all the AV pairs listed above..



This Discussion

Related Content