Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Adding Custom RADIUS VSA's

Hello,

I am trying to add a custom VSA to the trial version of ACS 3.1(1). I have created the files with 1 new VSA attribute and added it to the ACS without any problems.

My setup has:

An AAA client configured to use the Custom VSA set

The VSA attribute enabled in the Interface configuration

However, when I go into group setup to apply the change, I see the IETF attributes and an empty box with the name of my VSA set, but no attibutes I can set.

My VSA is looks like:

[User Defined Vendor]

Name=Shiva

IETF Code=166

VSA 1=Shiva-AVL

[Shiva-AVL]

Type=STRING

Profile=IN OUT

Any comments why this wont work?

Many Thanks

2 REPLIES
Cisco Employee

Re: Adding Custom RADIUS VSA's

I added this into my machine and it worked fine. Make sure you don't have any extra blank spaces at the end of the lines anywhere. What messages do you get when you run CSUtil, I get the following:

Adding Vendor [Shiva] added as [Radius (Shiva)]

Adding VSA [Shiva-AVL]

Done

Checking new configuration...

New configuration OK

What exactly do you see under the group attribute? I see a box labelled "Radius [Shiva} attributes", with an attribute in it labelled "166\001 Shiva-AVL" with a check-box next to it and a text box underneath. Are you saying you just see the main box with nothing in it? If that's the case it sounds like the attribute didn't get added correctly, so make sure you see the message about it successfully adding the VSA like you see in mine above.

New Member

Re: Adding Custom RADIUS VSA's

Thanks very much for the response, but I eventually managed to get it to work!

You were right the attribute failed to get added correctly, although no error messages were recieved from CSUtil. I got the same success message.

What I did was change the profile from 'PROFILE=IN OUT' to PROFILE=IN only. Either it didnt like the combination of IN and OUT or I may have left an extra space somewhere.

Many Thanks for you help!

162
Views
0
Helpful
2
Replies
CreatePlease login to create content