Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Enabling VSA option 26 in ACS v4.1

Hi,

I am not able to see option 26 (VSA) under Radius IETF.I can see the rest except for the VSA. I need to enable this as I am configuring non Cisco AAA client which is SonicWall 2040 Firewall.

Any Idea, pls advise.

Thank you

  • AAA Identity and NAC
7 REPLIES

Re: Enabling VSA option 26 in ACS v4.1

You need to import the SonicWall Radius dictionary into ACS.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/user/A_CSUtil.html#wp365540

then create a AAA client using RADIUS (SonicWall).

then go to Interface Configuration, and make the Sonicwall attributes to appear under user/group configuration section.

This is how 26 is implement in ACS.

Regards,

Prem

Please rate if it helps!

New Member

Re: Enabling VSA option 26 in ACS v4.1

Hi Prem,

Thanks for the update.

Is it the same procedure for ACS SE.

And, any chance for you to know how to import the radius dictionary. Is it imported directly from Sonicwall appliance.

Thank you

Re: Enabling VSA option 26 in ACS v4.1

For ACS SE, please refer to,

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/user/A_RDBMS.html

For dictionary file, you may want to contact SonicWall support.

Regards,

Prem

Please rate if it helps!

New Member

Re: Enabling VSA option 26 in ACS v4.1

Hi Prem,

The process looks very confusing and not straight forward.

I have also checked the sonicwall site, there are another option which uses attribute 11 (filter-id) for radius authentication.

Not sure whether it will work with Cisco ACS, have you / anyone tried before.

And, are there any option in ACS where we can set the authentication to PAP

Thank you

New Member

Re: Enabling VSA option 26 in ACS v4.1

Hi,

Can NAC Attribute Management adds the SonicWall VSA?

Thank you

Re: Enabling VSA option 26 in ACS v4.1

Actually, till the point you dont want to use the VSA from SonicWall you can use RADIUS(IETF) and should be able to authenticate fine. PAP needs to be configured on Sonic Wall. ACS can authenticate PAP,CHAP,MSCHAP1/2

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/user/Overvw.html#wp857274

If you need assistance in creating accountsaction.csv for sonicwall, you can get some help from TAC, get the disctionary file from SonicWall and pass it over to TAC.

Regards,

Prem

Please rate if it helps!

New Member

Re: Enabling VSA option 26 in ACS v4.1

HI All,

I am facing same difficulty for 3com routers, my vendor provided me couple files and asked to add in ACS server.I have ACS SE 4.2.

can you please tell me the procedure to add this .ini files to my ACS SE. I gone through user guide but confused.

Please hlp me providing procedure.

547
Views
5
Helpful
7
Replies
This widget could not be displayed.