Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Configuring custom AV Attribute pairs in CSACS

Hello

I'm running CSACS to authenticate users to a Colubris CN3500 Access Controller and Colubris provides a 'custom av pair' to specify traffic quotas for users. How would I create these pairs within csacs? Thanks

5 REPLIES
Cisco Employee

Re: Configuring custom AV Attribute pairs in CSACS

New Member

Re: Configuring custom AV Attribute pairs in CSACS

Hello

First off, thanks for the document, it did help out very much. I've created my custom avpair.ini file which looks like this:

###################################

[User Defined Vendor]

Name=Colubris

IETF Code=8744

VSA 1=colubris-max-input-packets

VSA 2=colubris-max-output-packets

VSA 3=colubris-max-input-octets

VSA 4=colubris-max-output-octets

[colubris-max-input-packets]

Type=INTEGER

Profile=MULTI IN OUT

Enums=MaxPacket

[colubris-max-output-packets]

Type=INTEGER

Profile=MULTI IN OUT

Enums=MaxPacket

[colubris-max-input-octets]

Type=INTEGER

Profile=MULTI IN OUT

Enums=MaxOctet

[colubris-max-output-octets]

Type=INTEGER

Profile=MULTI IN OUT

Enums=MaxOctet

[MaxPacket]

0=10

1=100

2=1000

3=5000

4=10000

[MaxOctet]

0=100000

1=1000000

2=10000000

3=100000000

4=200000000

5=500000000

#####################################

And I've imported it using CSUtil and got no errors. But I cant seem to get it to show up in the ACS Admin pages....I've looked under user/group, interface and I cant find it anywhere...please help. Thanks

Jason Humes

Cisco Employee

Re: Configuring custom AV Attribute pairs in CSACS

You have to add a NAS and say that it's a type "Colubris". Then it'll appear under Interface Config, and you'll be able to enable parameters for the User and/or Group.

New Member

Re: Configuring custom AV Attribute pairs in CSACS

Hello

OK Great, I've gotten the 4 Individual items to appear within CSACS under the group config, yet the possible values I've configured dont seem to show up, just a box with a 0 in it next to each item. Any ideas. Thanks again.

Cisco Employee

Re: Configuring custom AV Attribute pairs in CSACS

This is because you have "MULTI" defined in the VSA. This says that you can send back more than one value for this attribute, so the box in the GUI becomes a box that allows you to add more than one value. If you remove MULTI and just have it as "IN OUT" then the boxes will be displayed as a drop-down allowing you to select one of the values you specified.

287
Views
0
Helpful
5
Replies
CreatePlease to create content