Security

Reply
Frequent Contributor I
Posts: 69
Registered: ‎05-06-2013

ClearPass RADIUS Auth For Cisco UCS

I'm trying to set up our new Cisco UCS system for RADIUS authentication pointing to ClearPass.  Anybody done this before? Any specific documentation about AV pairs or what to return for a passed authentication? I'm getting mixed results doing Google searches and it doesn't look like this one is built into ClearPass.

MVP
Posts: 4,307
Registered: ‎07-20-2011

Re: ClearPass RADIUS Auth For Cisco UCS

Have you tried creating a RADIUS enforcement profile using the following:

Using Radius:Cisco > Cisco AVP Pair > shell:<context-name>=<Role-name>

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Frequent Contributor I
Posts: 69
Registered: ‎05-06-2013

Re: ClearPass RADIUS Auth For Cisco UCS

Found it...Victor was close:

 

Source: http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/sw/gui/config/guide/2-0/b_UCSM_GUI_Configuration_Guide_2_0/b_UCSM_GUI_Configuration_Guide_2_0_chapter_0111.html
The vendor ID for the Cisco RADIUS implementation is 009 and the vendor ID for the attribute is 001.
The following syntax example shows how to specify multiples user roles and locales if you choose to create the cisco-avpair attribute: shell:roles="admin,aaa" shell:locales="L1,abc". Use a comma "," as the delimiter to separate multiple values.

Search Airheads
Showing results for 
Search instead for 
Did you mean: