Cisco Support Community
Community Member

Radius User Defined Vendor (VSA) issue

Hi,

Software Version:

CiscoSecure ACS for Windows 2000/NT

Release 3.0(3) Build 6

I've created the ini file below and added it using csutil -addUDV 8 laurel-vsa.ini (tried other slots too).

[User Defined Vendor]
Name=Laurel
IETF Code=5395
VSA 1=Laurel-Login-Local-User-Name
VSA 2=Laurel-Login-Allowed-Commands
VSA 3=Laurel-Login-Denied-Commands
VSA 4=Laurel-Login-Allow-Config
VSA 5=Laurel-Login-Deny-Config

[Laurel-Login-Local-User-Name]
Type=STRING
Profile=OUT

[Laurel-Login-Allowed-Commands]
Type=STRING
Profile=OUT

[Laurel-Login-Denied-Commands]
Type=STRING
Profile=OUT

[Laurel-Login-Allow-Config]
Type=STRING
Profile=OUT

[Laurel-Login-Deny-Config]
Type=STRING
Profile=OUT

C:\Program Files\CiscoSecure ACS v3.0\Utils>csutil -addUDV 8 laurel-vsa.ini
CSUtil v3.0(3.6), Copyright 1997-2002, Cisco Systems Inc
Adding or removing vendors requires ACS services to be re-started.
Please make sure regedit is not running as it can prevent registry
backup/restore operations
Are you sure you want to proceed? (y/n)y
Parsing [.\laurel-vsa.ini] for addition at UDV slot [8]
Stopping any running services
Creating backup of current config
Adding Vendor [Laurel] added as [RADIUS (Laurel)]
Adding VSA [Laurel-Login-Local-User-Name]
Adding VSA [Laurel-Login-Allowed-Commands]
Adding VSA [Laurel-Login-Denied-Commands]
Adding VSA [Laurel-Login-Allow-Config]
Adding VSA [Laurel-Login-Deny-Config]
Done
Checking new configuration...
New configuration OK
Re-starting stopped services

C:\Program Files\CiscoSecure ACS v3.0\Utils>csutil -listUDV
CSUtil v3.0(3.6), Copyright 1997-2002, Cisco Systems Inc
UDV 0 - Unassigned
UDV 1 - Unassigned
UDV 2 - Unassigned
UDV 3 - Unassigned
UDV 4 - Unassigned
UDV 5 - Unassigned
UDV 6 - Unassigned
UDV 7 - Unassigned
UDV 8 - RADIUS (Laurel)
UDV 9 - Unassigned

All this shows that it has worked ok. However, when I look in the Interface Configuration section on the GUI, it's not there, so I can't use it. Is there something I'm missing, or is it a bug with this version of ACS?

I can't upgrade at this time as we're planning to migrate to the Cisco Secure Access Control Server Solution Engine 4.0.

Thanks in advance for your help,

Lee Hecken
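
Added example, not part of the original post and not Cisco's code: how the `IETF Code` and `VSA n` numbers in the ini file above appear on the wire inside a RADIUS Vendor-Specific attribute (type 26, RFC 2865 section 5.26), with a decoder that rejects inconsistent lengths. It assumes the vendor uses the RFC's recommended vendor-type/vendor-length sub-attribute layout; the value "show" and the function names are constructed for illustration.

```python
import struct

VENDOR_SPECIFIC = 26      # RADIUS attribute type, RFC 2865 section 5.26
LAUREL_VENDOR_ID = 5395   # "IETF Code" from the ini file in the post
# VSA numbers and names copied from the [User Defined Vendor] section.
LAUREL_VSAS = {
    1: "Laurel-Login-Local-User-Name",
    2: "Laurel-Login-Allowed-Commands",
    3: "Laurel-Login-Denied-Commands",
    4: "Laurel-Login-Allow-Config",
    5: "Laurel-Login-Deny-Config",
}

def encode_vsa(vendor_id, vsa_number, value):
    """Build one Vendor-Specific attribute carrying a single STRING VSA."""
    data = value.encode("ascii")
    sub = struct.pack("!BB", vsa_number, len(data) + 2) + data
    body = struct.pack("!I", vendor_id) + sub
    if len(body) + 2 > 255:
        raise ValueError("value too long for one RADIUS attribute")
    return struct.pack("!BB", VENDOR_SPECIFIC, len(body) + 2) + body

def decode_vsas(attr):
    """Return (vendor_id, [(vsa_number, raw_value), ...]), rejecting bad lengths."""
    if len(attr) < 8 or attr[0] != VENDOR_SPECIFIC or attr[1] != len(attr):
        raise ValueError("not a well-formed Vendor-Specific attribute")
    vendor_id = struct.unpack("!I", attr[2:6])[0]
    subs, pos = [], 6
    while pos < len(attr):
        if pos + 2 > len(attr):
            raise ValueError("truncated sub-attribute header")
        number, sub_len = attr[pos], attr[pos + 1]
        if sub_len < 2 or pos + sub_len > len(attr):
            raise ValueError("sub-attribute length runs past the attribute")
        subs.append((number, attr[pos + 2:pos + sub_len]))
        pos += sub_len
    return vendor_id, subs

def describe(attr):
    """Map decoded sub-attributes to the names defined in the ini file."""
    vendor_id, subs = decode_vsas(attr)
    if vendor_id != LAUREL_VENDOR_ID:
        raise ValueError("vendor id %d is not the Laurel UDV" % vendor_id)
    return [(LAUREL_VSAS.get(n, "unknown-%d" % n), v.decode("ascii")) for n, v in subs]

if __name__ == "__main__":
    sample = encode_vsa(LAUREL_VENDOR_ID, 2, "show")  # constructed value
    print(sample.hex(), describe(sample))
```
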

4 REPLIES
Silver

Re: Radius User Defined Vendor (VSA) issue

Hi

All you need do is physically re-start the CSAdmin service:

net stop csadmin

net start csadmin

You'll see the new VSAs. ACS isn't very good at reflecting changes to its "meta config" without csadmin re-starts. This might be documented somewhere in the depths of the user guide :(

Darran

Community Member

Re: Radius User Defined Vendor (VSA) issue

Thanks for your reply Darran,

The ACS server has been reloaded since adding the VSAs, however I tried the above just to make sure. Same issue, still not showing under Interface Configuration, just the standard entries.

Any further suggestions? Do you have an ini file I can try that you've used that does show up?

Thanks,

Lee

Community Member

Re: Radius User Defined Vendor (VSA) issue

Fixed it.

The new VSA doesn't show up in the Interface Configuration section until after you've set it as the 'authenticate using' method for a AAA client! Then you can select which properties you want to use in the user or group sections.

Rgds,

Lee

Community Member

Re: Radius User Defined Vendor (VSA) issue

Hi All,

Ok, I can add UDVs with new vendors. But how can I add new Cisco VSAs? I tried the csutil.exe -addUDV, but I receive a message that "Vendor with IETF code 9 already defined".

I'd like to have the ACS recognize and report the accounting info sent by a voice gw.

Any idea?

Thanks,

Attila
