Cisco Support Community

NetScreen VSA for Radius Auth template for ACS 3.0 and up

After searching the forums for a NetScreen VSA file to use with CiscoSecure 3.0, I had to depend on making one utilizing this Cisco doc:

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs31/acsuser/ae.htm#1981

I've tested this using CiscoSecure 3.0 (3.0(1) Build 40) for NT/2K and it works great. It should work on 3.1 also. It adds NetScreen VSA (Vendor Specific Attributes) for Radius to the admin console. I only use it for remote firewall auth but I made it to conform to all of the NetScreen VSAs available.

Using this file as is will allow multi-user authentication to NS-Admin-Privileges and authentication for all others.

This is a good template to start with for configuring your NS to do Radius with your ACS server.

Rob Gartley

----- BEGIN FILE -----

[User Defined Vendor]
Name=NetScreen
IETF Code=3224
VSA 1=NS-Admin-Privilege
VSA 2=NS-VSYS-Name
VSA 3=NS-User-Group
VSA 4=NS-Primary-DNS
VSA 5=NS-Secondary-DNS
VSA 6=NS-Primary-WINS
VSA 7=NS-Secondary-WINS

[NS-Admin-Privilege]
Type=INTEGER
Profile=MULTI OUT
Enums=Admin Access Rights

[NS-VSYS-Name]
Type=STRING
Profile=OUT

[NS-User-Group]
Type=STRING
Profile=OUT

[NS-Primary-DNS]
Type=IPADDR
Profile=OUT

[NS-Secondary-DNS]
Type=IPADDR
Profile=OUT

[NS-Primary-WINS]
Type=IPADDR
Profile=OUT

[NS-Secondary-WINS]
Type=IPADDR
Profile=OUT

[Admin Access Rights]
1=Root Admin
2=All VSYS Root Admin
3=VSYS Admin (Requires VSA #2 VSYS Name be entered)
4=Read-Only Admin
5=Read-Only VSYS Admin (Requires VSA #2 VSYS Name be entered)

----- END FILE -----
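
Added example, not part of the original post: Python that encodes and decodes the template's VSAs as RADIUS Vendor-Specific attributes (type 26, vendor 3224), so the attributes in a captured Access-Accept can be checked for the admin privilege actually being granted and for the template's rule that privileges 3 and 5 carry a VSYS name. It assumes the RFC 2865 recommended sub-attribute layout (vendor type, vendor length, value) and works on the attribute section only; the function names and sample values are constructed for illustration.

```python
import ipaddress
import struct

VENDOR_ID = 3224  # "IETF Code" in the template
VSAS = {1: ("NS-Admin-Privilege", "INTEGER"), 2: ("NS-VSYS-Name", "STRING"),
        3: ("NS-User-Group", "STRING"), 4: ("NS-Primary-DNS", "IPADDR"),
        5: ("NS-Secondary-DNS", "IPADDR"), 6: ("NS-Primary-WINS", "IPADDR"),
        7: ("NS-Secondary-WINS", "IPADDR")}

def encode_vsa(number, value):
    """Build one Vendor-Specific attribute (type 26) carrying a template VSA."""
    kind = VSAS[number][1]
    data = (struct.pack("!I", value) if kind == "INTEGER" else
            ipaddress.IPv4Address(value).packed if kind == "IPADDR" else
            value.encode("ascii"))
    sub = bytes([number, len(data) + 2]) + data  # vendor type, vendor length, value
    return bytes([26, len(sub) + 6]) + struct.pack("!I", VENDOR_ID) + sub

def tlvs(buf):
    """Yield (type, value) from a type/length/value run; reject bad lengths."""
    i = 0
    while i < len(buf):
        if i + 2 > len(buf) or buf[i + 1] < 2 or i + buf[i + 1] > len(buf):
            raise ValueError("malformed attribute length at offset %d" % i)
        yield buf[i], buf[i + 2:i + buf[i + 1]]
        i += buf[i + 1]

def decode_netscreen(attrs):
    """Return [(name, value)] for every NetScreen VSA in an attribute section."""
    found = []
    for atype, body in tlvs(attrs):
        if atype != 26 or len(body) < 4 or int.from_bytes(body[:4], "big") != VENDOR_ID:
            continue  # some other attribute or another vendor's VSA
        for num, data in tlvs(body[4:]):
            name, kind = VSAS.get(num, ("unknown-%d" % num, "RAW"))
            if kind == "INTEGER" and len(data) == 4:
                data = struct.unpack("!I", data)[0]
            elif kind == "IPADDR" and len(data) == 4:
                data = str(ipaddress.IPv4Address(data))
            elif kind == "STRING":
                data = data.decode("ascii", "replace")
            found.append((name, data))  # a list, since MULTI allows repeats
    return found

def vsys_rule_violations(pairs):
    """Privileges 3 and 5 need NS-VSYS-Name, per the template's enum notes."""
    has_vsys = any(n == "NS-VSYS-Name" and v for n, v in pairs)
    return [v for n, v in pairs if n == "NS-Admin-Privilege" and v in (3, 5) and not has_vsys]

SAMPLE = encode_vsa(1, 3) + encode_vsa(2, "vsys-a") + encode_vsa(4, "192.0.2.53")  # constructed
```

`decode_netscreen(SAMPLE)` returns the three name/value pairs, and `vsys_rule_violations` returns an empty list for it because the VSYS name accompanies privilege 3.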
