128199-How To Configuration OPNET Vendor Specifc Attribute To ACS SE

You might also like

Download as doc, pdf, or txt
Download as doc, pdf, or txt
You are on page 1of 7

How to Configuration OPNET

Vendor Specifc Attribute to ACS

We tried this below process on a 4.1 ACS (SE) version. We had a crash after the
Cisco patch update. This Document will describe how to create the networkphysics dictionary. On SE version customer dont have access to the ini file and
cannot use our actual dictionary. The customer, must use the RDBMS feature to
load and configure the box.

Define the vendor code.

Add the attribute.

Define the attribute properties.

On version 4.1 and 4.2 a well know Cisco bug may appear. Malformed radius
packet when the ACS server send the response to the Opnet appliance. This
result to a bad authentication error on the AppResponse Xpert solution.
All blue part are the .csv files that you need to create. Those CSV file will be
uploaded to the ACS box with RDBSM.

You need to restart the services severals times to apply the configuration change
on the ACS v4.2 (SE).


ACS SE 113 in 4.2

FTP server reachable by the ACS

Patch ACS
Download ApplAcs_4. from Cisco Web Site
Unzip the file
Launch startserver.bat
Go to ACS web interface and System Configuration Appliance Upgrade status

Click on Download button and type you IP address

Clik on refresh and upgrade now
After the upgrade you should have this version

Prepare RDMS Synchronization

Go to RDBMS Synchronization under System configuration

Configuration the FTP server. Be sure that the name of file is accountActions.csv

Do not forget to select the AAA server himself in Synchronization Partners

Click on Submit to validate parameters

I - Add new vendor and specific attributes

Delete Existing vendor (only if already exists)
Prepare a blank txt file with your favourite text editor
Insert into this file the following text:

Note: you need to change the date and time.

Save it as accountAction.csv
Upload it to your FTP server (check the location)
Go to ACS web interface and go to RDBMS Synchronization under System Configuration
Click on Synchronize Now

Wait several minutes the ACS server will restart the services.

Add vendor (Named Network Physics)

Prepare a blank txt file with your favourite text editor

Insert into this file the following text:


Note: you need to change the date and time.

Save it as accountAction.csv
Upload it to your FTP server (check the location)
Go to ACS web interface and go to RDBMS Synchronization under System Configuration
Click on Synchronize Now

Wait several minutes the ACS server will restart the services.

Add Attribute for authorization level

Prepare a blank txt file with your favourite text editor
Insert into this file the following text:


Note: you need to change the date and time.

Save it as accountAction.csv
Upload it to your FTP server (check the location)
Go to ACS web interface and go to RDBMS Synchronization under System Configuration
Click on Synchronize Now

Wait several minutes the ACS server will restart the services.

Set attribute
Prepare a blank txt file with your favourite text editor
Insert into this file the following text:

Note: you need to change the date and time.

Save it as accountAction.csv
Upload it to your FTP server (check the location)
Go to ACS web interface and go to RDBMS Synchronization under System Configuration
Click on Synchronize Now

Wait several minutes the ACS server will restart the services.

II - Activate new vendor and new attribute

Network Configuration
Connect again to the ACS web configuration.
Go to network configuration and edit or add the OPNET AAA client IP concerned
Select RADIUS (Network-Physics) Authentication type

Click on Submit + Restart

Interface configuration
After adding an AAA Client IP address, the new Vendor should appear to Interface

Click on RADIUS (Network-Physics)

Click on Group checkbox and validate

Group setup
To assign authorization level to a group, add or edit a User Group.

Select Check box under RADIUS (Network-Physics) Attribute and type the right
authorization level for OPNET probe.

Cick on Submit + Restart

III - Test the access

You should now be able to do a test and check that the authorization level is

You might also like