NetScreen VSA for Radius Auth template for ACS 3.0 and up

4rgartley
Level 1

After searching the forums for a NetScreen VSA file to use with CiscoSecure 3.0, I had to depend on making one utilizing this Cisco doc:

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs31/acsuser/ae.htm#1981

I've tested this using CiscoSecure 3.0 (3.0(1) Build 40) for NT/2K and it works great. It should work on 3.1 also. It adds NetScreen VSAs (Vendor Specific Attributes) for Radius to the admin console. I only use it for remote firewall auth, but I made it conform to all of the NetScreen VSAs available.

Using this file as is will allow multi-user authentication to NS-Admin-Privileges and authentication for all others.

This is a good template to start with for configuring your NS to do Radius with your ACS server.

Rob Gartley

----- BEGIN FILE -----

[User Defined Vendor]
Name=NetScreen
IETF Code=3224
VSA 1=NS-Admin-Privilege
VSA 2=NS-VSYS-Name
VSA 3=NS-User-Group
VSA 4=NS-Primary-DNS
VSA 5=NS-Secondary-DNS
VSA 6=NS-Primary-WINS
VSA 7=NS-Secondary-WINS

[NS-Admin-Privilege]
Type=INTEGER
Profile=MULTI OUT
Enums=Admin Access Rights

[NS-VSYS-Name]
Type=STRING
Profile=OUT

[NS-User-Group]
Type=STRING
Profile=OUT

[NS-Primary-DNS]
Type=IPADDR
Profile=OUT

[NS-Secondary-DNS]
Type=IPADDR
Profile=OUT

[NS-Primary-WINS]
Type=IPADDR
Profile=OUT

[NS-Secondary-WINS]
Type=IPADDR
Profile=OUT

[Admin Access Rights]
1=Root Admin
2=All VSYS Root Admin
3=VSYS Admin (Requires VSA #2 VSYS Name be entered)
4=Read-Only Admin
5=Read-Only VSYS Admin (Requires VSA #2 VSYS Name be entered)

----- END FILE -----
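To check what the ACS server actually returns for a user once this dictionary is loaded, the following added example (not part of the original post) decodes the NetScreen VSAs from the attribute bytes of a captured Access-Accept and flags privilege values that are undefined or lack the VSYS name the file says they require. It assumes the sub-attribute layout recommended by RFC 2865 for attribute 26; the function names are hypothetical and the sample bytes are constructed.

```python
import ipaddress

VENDOR_ID = 3224  # "IETF Code" in the file above
VSAS = {1: ("NS-Admin-Privilege", "INTEGER"), 2: ("NS-VSYS-Name", "STRING"),
        3: ("NS-User-Group", "STRING"), 4: ("NS-Primary-DNS", "IPADDR"),
        5: ("NS-Secondary-DNS", "IPADDR"), 6: ("NS-Primary-WINS", "IPADDR"),
        7: ("NS-Secondary-WINS", "IPADDR")}
NEEDS_VSYS = {3, 5}  # enum values the file marks "Requires VSA #2 VSYS Name"

def tlvs(buf):
    """Yield (type, value) pairs; the length byte covers the 2-byte header."""
    i = 0
    while i < len(buf):
        if i + 2 > len(buf) or buf[i + 1] < 2 or i + buf[i + 1] > len(buf):
            raise ValueError(f"malformed TLV at offset {i}")
        yield buf[i], buf[i + 2:i + buf[i + 1]]
        i += buf[i + 1]

def decode_netscreen(attrs):
    """Return [(name, value)] for vendor-3224 VSAs (attribute 26) in RADIUS attribute bytes."""
    out = []
    for atype, body in tlvs(attrs):
        if atype != 26 or len(body) < 4 or int.from_bytes(body[:4], "big") != VENDOR_ID:
            continue  # not Vendor-Specific, or some other vendor
        for vtype, raw in tlvs(body[4:]):
            name, kind = VSAS.get(vtype, (f"Unknown-VSA-{vtype}", "STRING"))
            if kind == "INTEGER" and len(raw) == 4:
                out.append((name, int.from_bytes(raw, "big")))
            elif kind == "IPADDR" and len(raw) == 4:
                out.append((name, str(ipaddress.IPv4Address(raw))))
            elif kind == "STRING":
                out.append((name, raw.decode("utf-8", "replace")))
            else:
                raise ValueError(f"{name}: bad length {len(raw)} for {kind}")
    return out

def audit(decoded):
    """Flag admin-privilege values that are undefined or lack the VSYS name they require."""
    names = {n for n, _ in decoded}
    privs = [v for n, v in decoded if n == "NS-Admin-Privilege"]
    return ([f"undefined privilege {v}" for v in privs if v not in range(1, 6)] +
            [f"privilege {v} sent without NS-VSYS-Name" for v in privs
             if v in NEEDS_VSYS and "NS-VSYS-Name" not in names])

def vsa(num, raw):  # helper that builds one Vendor-Specific attribute for test input
    inner = bytes([num, len(raw) + 2]) + raw
    return bytes([26, len(inner) + 6]) + VENDOR_ID.to_bytes(4, "big") + inner

SAMPLE = vsa(1, (3).to_bytes(4, "big")) + vsa(4, bytes([192, 0, 2, 53]))  # constructed
```

Running `audit(decode_netscreen(SAMPLE))` on the constructed sample reports the VSYS Admin privilege sent without its VSYS name.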