Cisco Support Community

New Member

ACS and brocade switch support!!!!

Hi Experts,

I have two queries:-

1) Does the Brocade switch support ACS?

2) I am trying to configure a Brocade switch to get RADIUS authentication on an ACS server, but I get the user right and not an admin right.

Can you please tell me how I assign the admin right for the Brocade switch?

Thanks in advance.

Regards

Neha.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: ACS and brocade switch support!!!!

Configure ACS Appliance to Import Your CSV

A. Go to Interface Configuration > Advanced Options

B. Place a check in RDBMS Synchronization and click Submit

C. Go to System Configuration > RDBMS Synchronization

D. Enter the name of the CSV in the Actions File field

E. Enter the FTP server IP, the directory where the CSV resides on the FTP server, and the username and password for ACS to use to access the FTP server in the appropriate fields

F. Choose Manual synchronization

G. Make sure your server is listed in the Synchronize column of the Synchronization Partners section and click Submit

H. Go back into RDBMS Synchronization and click Synchronize Now and the updates should take place.

25 REPLIES

Re: ACS and brocade switch support!!!!

Neha,

To make it work with ACS you need to upload the Brocade VSA to ACS.

VSA: vendor-specific attribute.

Please ask Brocade support to provide the dictionary file. Once you have it, we need to upload it to ACS using RDBMS sync.

Regards,

~JG

Do rate helpful posts

New Member

Re: ACS and brocade switch support!!!!

Hi Jagdish,

I have updated the ACS server, and the file action.csv was imported to the ACS, but authentication with admin right still doesn't work.

I followed the correct method and change but still no luck. Kindly let me know what else we need to look at now.

Any help would be appreciated.

Thanks

neha

Re: ACS and brocade switch support!!!!

Hi Neha,

Do you see the Brocade name listed in group setup? Make sure that the Brocade switch in network configuration is using the RADIUS (Brocade) protocol; only then will it work.

If it is configured well then we need to check if ACS is pushing the correct attributes required for admin access.

You can run debugs or a sniffer on the switch to know if ACS is sending the required attributes.

In case all required attributes are pushed then you need to check it with Brocade support.

Regards,

~JG

Do rate helpful posts

New Member

Re: ACS and brocade switch support!!!!

Hi Jagdish,

Thanks for the explanation.

Yes, I have selected the RADIUS (Brocade) protocol. Furthermore, I ran a sniffer from source to destination and here is the result.

Sniffer trace shows as Radius Malformed Packet.

Exp of pkt flow:-

1) Src: 1.1.1.1 dst 2.2.2--> Radius access-request (1)

2) Src: 2.2.2.2 dst 1.1.1.1-> Radius

access-Accept(2)[Malformed Packet]

if i further open this it says:

saw under AVP:

VSA: 1-65 t=unknonw-Attribute(1):

[Malformed Packet: RADIUS]

Any suggestions???

Regards

Neha.

New Member

Re: ACS and brocade switch support!!!!

Hi Jagdish,

I double-checked everything.

1) Selected radius brocade.

2) Syn properly.

But still the issue? Please suggest the next step???

Regards

Neha

New Member

Re: ACS and brocade switch support!!!!

Hi,

Can anyone provide update??

Regards

Neha.

Re: ACS and brocade switch support!!!!

Neha,

Can you provide me the rds.log file? Need to check logs. Let me know if you don't know the location of rds log in acs.

Regards,

~JG

New Member

Re: ACS and brocade switch support!!!!

Hi Jagdish,

Thanks for looking at this, as this is very critical for me.

OK, I got to know the place to collect the rds.log. In the meantime can you please leave a note on what needs to be checked there? It might take some time to upload the file here.

Waiting for your update.

Regards

Neha.

Re: ACS and brocade switch support!!!!

Hi,

Follow these instructions even if the ACS is already running in detailed logging mode. This will ensure that all the proper service startup information is included in the package.cab file.

System Configuration --> Service Control --> Level of detail - Full

At this point, we need to duplicate the issue.

Do whatever is causing the problem, or wait for the problem to occur again if it's not triggered by a direct sequence of events. Once that's done, we need to gather the verbose logs created. To do so, follow the instructions below AFTER the problem has been recreated and recorded:

System Configuration --> Support -->Enable generate logs and Collect last x day logs and Collect Log Files

Run Support Now. Please save this file and unzip it. You will see a file called rds.log

This file contains all of the log information from ACS.

Regards

Re: ACS and brocade switch support!!!!

Find attached the csv file for brocade and compare it with your csv file that you synced.

Regards,

~JG

Re: ACS and brocade switch support!!!!

Neha,

String has to be all lower case on ACS for the VSA.

Regards,

~JG

Re: ACS and brocade switch support!!!!

Hi Neha,

Were you able to make it work?

Regards,

~JG

New Member

Re: ACS and brocade switch support!!!!

Hi,

Please find the RDS file. I have tried all the steps you have recommended.

Regards

Neha,

New Member

Re: ACS and brocade switch support!!!!

Jagdish,

Can you please provide me update on this???

Regards

Neha.

Re: ACS and brocade switch support!!!!

Neha,

The RDS logs show the correct VSA. Can you provide me the sniffer trace? We need to make sure that the values are not truncated. If they are not, then we need to check it with Brocade support.

Regards,

New Member

Re: ACS and brocade switch support!!!!

Jag,

Kindly let me know what sniffer traces you require.

Regards,

Neha.

Re: ACS and brocade switch support!!!!

You can sniff switch port or ACS interface using ethereal or wireshark.

I would like to see whole event when user tries to login to that switch.

Regards,

New Member

Re: ACS and brocade switch support!!!!

Jag,

Please find the trace attached.

I tried both with "Admin" and "admin":

I see under RADIUS (Malformed Packet: RADIUS), and below is the extract for admin:

with lowercase admin:

0000 00 05 1e 02 23 f0 00 1b 24 5e 67 4d 08 00 45 00 ....#... $^gM..E.

0010 00 3b 38 23 00 00 80 11 5a ab 0a 4b 49 a6 0a 4b .;8#.... Z..KI..K

0020 49 a8 06 6d 0b e4 00 27 a7 2a 02 3f 00 1f f8 7e I..m...' .*.?...~

0030 73 78 fb 12 bc 70 c2 eb 0c dc 76 33 43 5e 1a 0b sx...p.. ..v3C^..

0040 00 00 06 34 01 61 64 6d 69 ...4.adm i

Regards,

Neha.
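Added example, not part of the original thread: a minimal Python decoder for the Access-Accept bytes in the hex dump above (offsets 0x2a to 0x48), checking the Vendor-Specific attribute against the vendor-type / vendor-length / value layout that RFC 2865 recommends and that packet dissectors assume. `WELL_FORMED_VSA` is constructed here for comparison and is an assumption, not captured traffic; the function names are illustrative.

```python
import struct

# RADIUS payload from the hex dump in the post above (offsets 0x2a-0x48).
ACCESS_ACCEPT = bytes.fromhex(
    "023f001f" "f87e7378fb12bc70c2eb0cdc7633435e" "1a0b00000634" "0161646d69")
# Constructed for comparison (not captured): the same value encoded as
# vendor-type 1, vendor-length 7, "admin".
WELL_FORMED_VSA = bytes.fromhex("1a0d00000634" "0107") + b"admin"


def parse_radius(packet):
    """Return (code, identifier, [(attr_type, attr_value), ...])."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("RADIUS length field does not match the packet")
    attrs, pos = [], 20  # 4-byte header + 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("attribute header truncated")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError(f"attribute {atype} has bad length {alen}")
        attrs.append((atype, packet[pos + 2:pos + alen]))
        pos += alen
    return code, ident, attrs


def parse_vsa(value):
    """Decode a type-26 value; return (vendor_id, sub_attributes, error)."""
    if len(value) < 4:
        return None, [], "shorter than the 4-byte vendor id"
    vendor_id = struct.unpack("!I", value[:4])[0]
    subs, pos = [], 4
    while pos < len(value):
        left = len(value) - pos
        if left < 2:
            return vendor_id, subs, "sub-attribute header truncated"
        vtype, vlen = value[pos], value[pos + 1]
        if vlen < 2 or vlen > left:
            return vendor_id, subs, (
                f"vendor-type {vtype}: vendor-length {vlen} "
                f"does not fit the {left} bytes left")
        subs.append((vtype, value[pos + 2:pos + vlen]))
        pos += vlen
    return vendor_id, subs, None


if __name__ == "__main__":
    code, ident, attrs = parse_radius(ACCESS_ACCEPT)
    for atype, value in attrs:
        print(code, ident, atype, parse_vsa(value))
    print(parse_vsa(WELL_FORMED_VSA[2:]))
```

On the captured bytes the byte after vendor-type 1 is 0x61 ("a"), so the decoder reads a vendor-length of 97 against 5 remaining bytes and flags the attribute, which matches the Malformed Packet marking in the trace.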

Re: ACS and brocade switch support!!!!

Please mail me the shared secret key,

jgambhir@cisco.com

New Member

Re: ACS and brocade switch support!!!!

Jag,

I have sent the email to you. You should be receiving my email from this id: (nehakulsum@aol.com).

I have attached the latest .cap file and shared secret key. Kindly let me know your update at the earliest.

Thanks in advance.

Regards,

Neha.

Re: ACS and brocade switch support!!!!

Thanks for the mail. I'm not sure about the ACS software version you are running. In case it is 4.2 then please check out this bug:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?caller=pluginredirector&method=fetchBugDetails&bugId=CSCsv65072

Apply the latest patch (12) to fix it.

Regards,

~JG

New Member

Re: ACS and brocade switch support!!!!

Jag,

Thanks for all your support on this. You have been very helpful and I heartily appreciate it.

I will go ahead and upgrade to 4.2 and apply the patch.

Last but not least:

Can you tell me the steps to remove the VSA? ACS is on a Cisco appliance.

I know the procedure for ACS on Windows.

Regards,

Neha.

Re: ACS and brocade switch support!!!!


New Member

Re: ACS and brocade switch support!!!!

Hi Jagdish,

It works now. Thanks a ton for your support. I heartily appreciate the way you have supported me on this case. You are a champ on ACS and you deserve it as well.

Believe me I am really happy that my problem is resolved now with all your help on this.

Again I thank you for the support. God bless you.

Regards,

Neha.
