Appendix D Cisco Secure ACS Command-Line Database Utility
User-Defined RADIUS Vendors and VSA Sets
User Guide for Cisco Secure ACS for Windows Server
78-14696-01, Version 3.1
About User-Defined RADIUS Vendors and VSA Sets
In addition to a set of predefined RADIUS vendors and vendor-specific attributes
(VSAs), Cisco Secure ACS supports RADIUS vendors and VSAs that you define.
We recommend that you use RDBMS Synchronization to add and configure
custom RADIUS vendors; however, you can use CSUtil.exe to accomplish the
same custom RADIUS vendor and VSA configurations that you can accomplish
using RDBMS Synchronization. Custom RADIUS vendor and VSA configuration
created by either of these two features—RDBMS Synchronization or
CSUtil.exe—can be modified by the other feature. Choosing one feature for
configuring custom RADIUS vendors and VSAs does not preclude using the other
feature. For more information about RDBMS Synchronization, see
RDBMS Synchronization, page 8-29.
Vendors you add must be IETF-compliant; therefore, all VSAs that you add must
be sub-attributes of IETF RADIUS attribute number 26. You can define up to ten
custom RADIUS vendors, numbered 0 (zero) through 9. CSUtil.exe allows only
one instance of any given vendor, as defined by the unique vendor IETF ID
number and by the vendor name.
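The IETF-compliance requirement above, as an added example that is not part of the Cisco guide or of CSUtil.exe: a Python encoder and validator for the RFC 2865 layout of attribute 26 (Vendor-Id followed by type/length/value sub-attributes), usable to check a vendor's attribute before defining it in a slot. Vendor ID 32473 is the IANA enterprise number reserved for documentation; the sub-attribute numbers and values are constructed.

```python
import struct

VENDOR_SPECIFIC = 26  # IETF RADIUS attribute number that carries all VSAs


def encode_vsa(vendor_id: int, sub_type: int, value: bytes) -> bytes:
    """Build one attribute 26 holding a single vendor sub-attribute."""
    if not 0 <= vendor_id < 1 << 24 or not 0 <= sub_type <= 255:
        raise ValueError("vendor ID or sub-attribute number out of range")
    if len(value) > 255 - 8:  # 2 (attr header) + 4 (Vendor-Id) + 2 (sub header)
        raise ValueError("value too long for a single attribute")
    sub = bytes([sub_type, len(value) + 2]) + value
    body = struct.pack("!I", vendor_id) + sub
    return bytes([VENDOR_SPECIFIC, len(body) + 2]) + body


def parse_vsa(attr: bytes):
    """Return (vendor_id, [(sub_type, value), ...]) or raise ValueError."""
    if len(attr) < 7 or attr[0] != VENDOR_SPECIFIC:
        raise ValueError("not a Vendor-Specific (26) attribute")
    if attr[1] != len(attr):
        raise ValueError("attribute length octet does not match the data")
    vendor_id = struct.unpack("!I", attr[2:6])[0]
    if vendor_id >> 24:
        raise ValueError("high-order octet of Vendor-Id must be 0")
    subs, pos = [], 6
    while pos < len(attr):
        if pos + 2 > len(attr):
            raise ValueError("truncated sub-attribute header")
        sub_type, sub_len = attr[pos], attr[pos + 1]
        # The sub-attribute length counts its own two header octets.
        if sub_len < 2 or pos + sub_len > len(attr):
            raise ValueError("sub-attribute length out of bounds")
        subs.append((sub_type, attr[pos + 2:pos + sub_len]))
        pos += sub_len
    return vendor_id, subs


def is_ietf_compliant(attr: bytes) -> bool:
    """True when the attribute parses as attribute 26 with TLV sub-attributes."""
    try:
        parse_vsa(attr)
        return True
    except ValueError:
        return False


# Constructed samples: GOOD follows the sub-attribute layout; BAD places raw
# text directly after the Vendor-Id, so it has no valid sub-attribute header.
GOOD = encode_vsa(32473, 1, b"admin")
BAD = b"\x1a\x0c\x00\x00\x7e\xd9rawtxt"
```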
Note
If you intend to replicate user-defined RADIUS vendor and VSA configurations,
user-defined RADIUS vendor and VSA definitions to be replicated must be
identical on the primary and secondary Cisco Secure ACS servers, including the
RADIUS vendor slots that the user-defined RADIUS vendors occupy. For more
information about database replication, see
CiscoSecure Database Replication, page 8-9.
Adding a Custom RADIUS Vendor and VSA Set
You can use the -addUDV option to add up to ten custom RADIUS vendors and
VSA sets to Cisco Secure ACS. Each RADIUS vendor and VSA set is added to
one of ten possible user-defined RADIUS vendor slots.
Note
While CSUtil.exe adds a custom RADIUS vendor and VSA set to
Cisco Secure ACS, all Cisco Secure ACS services are automatically stopped and
restarted. No users are authenticated while this process is occurring.