soymanue
Jul 09, 2009

Radius IETF-assigned vendor number

Hello

I want to configure authorization using an External Radius/Tacacs Server. I've read these articles:

https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm_implementations_guide_10_0_0/sol_mgmt_auth.html

http://devcentral.f5.com/Default.aspx?tabid=63&articleType=ArticleView&articleId=2316

And I see I have to declare specific Attributes:

F5-LTM-User-Info-1
F5-LTM-User-Console
F5-LTM-User-Role
F5-LTM-User-Partition

To create this with CiscoSecure ACS I have to create VSAs (Vendor Specific Attributes) and I need the IETF vendor number and the definition of each attribute (variable type...)

Can you help me?

3 Replies

  • Hello,

    I am working coincidentally on the same issue.

    Reading http://www.ietf.org/rfc/rfc2865.txt you can find:

    "Vendor-Id
    The high-order octet is 0 and the low-order 3 octets are the SMI Network Management Private Enterprise Code of the Vendor in network byte order, as defined in the "Assigned Numbers" RFC [6]."

    In my opinion the same numbering space is referenced here as the one used for SNMP MIBs. I plan to use "3375" as seen in F5 SNMP MIB files.

    As we are users of Enterprise Manager too, I plan to extend the VSA definitions for the ACS server with EM-related parameters too. This means extra EM-related values for role, partition and console access too.

    Regards,

    Valentin
  • As the EM does not yet support any remote roles, the EM-related values are meant for future extension of the authentication model with RADIUS.

    "soymanue",

    I would be interested in the final and working acs.ini file content if you could share the information.

    Thanks.

    Valentin
  • Has this ACS VSA .ini file ever been created? I am about to try to do this but would rather not re-invent the wheel.
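
The Vendor-Id layout quoted from RFC 2865 in the first reply, as an added Python example (not code from any poster or from F5): it packs and strictly parses a Vendor-Specific attribute (type 26) using 3375, the vendor number that reply proposes, and rejects malformed lengths. The vendor type 1 and the integer value 0 are constructed placeholders, and the sub-attribute layout is the one RFC 2865 recommends.

```python
import struct

VENDOR_SPECIFIC = 26   # RFC 2865 attribute type for Vendor-Specific
F5_VENDOR_ID = 3375    # enterprise number proposed in the first reply
PLACEHOLDER_VTYPE = 1  # constructed vendor type, not taken from this thread

def encode_vsa(vendor_id, vtype, value):
    """Build one Vendor-Specific attribute carrying a single sub-attribute."""
    if not 0 < vendor_id < 1 << 24:
        raise ValueError("Vendor-Id must fit in the low-order 3 octets")
    if 8 + len(value) > 255:
        raise ValueError("attribute exceeds the 255-octet limit")
    sub = struct.pack("!BB", vtype, 2 + len(value)) + value
    # "!I" is 4 octets in network byte order, so the high-order octet is 0.
    return struct.pack("!BBI", VENDOR_SPECIFIC, 6 + len(sub), vendor_id) + sub

def decode_vsa(attr):
    """Return (vendor_id, [(vtype, value), ...]); raise ValueError if malformed."""
    if len(attr) < 7 or attr[0] != VENDOR_SPECIFIC:
        raise ValueError("not a Vendor-Specific attribute")
    if attr[1] != len(attr):
        raise ValueError("length octet does not match the attribute size")
    (vendor_id,) = struct.unpack("!I", attr[2:6])
    if vendor_id >> 24:
        raise ValueError("high-order Vendor-Id octet must be 0")
    subs, pos = [], 6
    while pos < len(attr):
        if pos + 2 > len(attr):
            raise ValueError("truncated sub-attribute header")
        vtype, vlen = attr[pos], attr[pos + 1]
        if vlen < 2 or pos + vlen > len(attr):
            raise ValueError("sub-attribute length runs past the attribute")
        subs.append((vtype, attr[pos + 2:pos + vlen]))
        pos += vlen
    return vendor_id, subs

# Constructed sample: placeholder vendor type carrying a 32-bit integer 0.
SAMPLE = encode_vsa(F5_VENDOR_ID, PLACEHOLDER_VTYPE, struct.pack("!I", 0))

if __name__ == "__main__":
    print(SAMPLE.hex(" "))
    print(decode_vsa(SAMPLE))
```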