Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ACS and APC UPS - radius authentication

Has anyone configured their APC UPS network managment cards to authenticate to ACS. The cards support radius, and I have that working, but the user only works as read only. How can I get them to work at at admin level ? I am not sure how to pass the attibutes back to the UPS.

Thanks for any tips.

Randy

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

ACS and APC UPS - radius authentication

FYI

I setup the same configuration in ACS 5.1 with the VSA attributes stated, with no problems. See inserted image for details.

7 REPLIES

Re: ACS and APC UPS - radius authentication

Randy,

It works , no issues at all. In order to get all the options on the APC cards, you need to integrate the .ini file provided by the vendor.

With that INI we will upload APC radius attributes in acs.

Regards,

~JG

Do rate helpful posts

New Member

I realize that this is a VERY

I realize that this is a VERY old thread... but... I figured I'd give it a shot.

Has anyone successfully configured an APC UPS network management cards to authenticate in ISE 2.1?  I have them authenticating properly in ACS 5.x, so I know the "basics" of setting up the dictionary and believe that I have the "radius vendors" setup correctly.  However I'm missing the "policy sets".  Similar to the start of this thread, my current ISE setup has all users logging in as "read only".

If so, any setup guides?  Thanks...

I am on 2.2 and have the same

I am on 2.2 and have the same question.

Silver

Re: ACS and APC UPS - radius authentication

You need to return some APC Vendor Specific Attributes. These will not be defined in ACS so you'll need to add them. This process is documented in the ACS User Guide - basically you create a .ini file with the VSA info and load it with csutil or rdbms sync.

APCs vendor id is 318. You need to add a single integer attribute "APC-Service-Type" (id #1) which can take the following values:

1 adminsitrator

2 device-manager

3 read-only users

Good luck

Darran

New Member

Re: ACS and APC UPS - radius authentication

Guys,

Sorry I forgot to post that I had it working. It was easier than I thought because all I needed to do was add Radius IETF option #6 and select "administrative".

I did see the APC info regarding VSA's, but I did not know how you input that data. I will have to look into the csutil and rdmns sync utilities since I am new to ACS.

thanks,

Randy

New Member

ACS and APC UPS - radius authentication

FYI

I setup the same configuration in ACS 5.1 with the VSA attributes stated, with no problems. See inserted image for details.

New Member

Re: ACS and APC UPS - radius authentication

Save the following into an ini file and use the CS Utils feature to import the UDF / VSA

Don't include the lines "====" bits!

You can rename the Admin/Device/ReadOnly to what ever you like as the interger value is what is important, the name is only used byt the ACS interface for displaying the options in the HTML.

=====================================

[User Defined Vendor]

Name=APC Devices

IETF Code=318

VSA 1=APC-Service-Type

[APC-Service-Type]

Type=INTEGER

Profile=OUT

Enums=APC-Auth-Type

[APC-Auth-Type]

1=Admin

2=Device

3=ReadOnly

=====================================

4298
Views
9
Helpful
7
Replies