
What RADIUS attribute to send is needed when adding a Cisco ASA to the NAC appliance for AAA Management Access?


Pierre_Demassey
New Contributor II
I am trying to add a Cisco ASA to the NAC appliance for RADIUS Management Access. I started by enabling SNMP between the ASA and NetSight Console. But in order to add the ASA to the NAC appliance, I need to specify a RADIUS attribute to send. What do I need to put?
10 REPLIES

Pierre_Demassey
New Contributor II
So we got this to work by using the following:

Service-Type=%CUSTOM2% for the custom RADIUS attribute.

The Policy mapping is as follows:

[Image: policy mapping screenshot]



Most of the config work has to be done on the ASA side. I did it using the ASDM. This method allows for RADIUS auth to both the ASDM and SSH. Priv exec mode also works as well. These settings were configured through the ASDM.

Pierre_Demassey
New Contributor II
Hello all, thanks for the assistance. I'm still having issues getting it to work.

I configured a new attribute group and set it with Service-Type=%CUSTOM2%. I then did 2 things: I created a new rule specific for the ASA access management. Then I created a new profile with a new policy mapping to include the instructions that SH provided above. I did this because I had an existing rule and policy mapping that was set for Enterasys and EXOS access management. I didn't want to break those.

The issue may lie with the SNMP configuration. It loses connectivity with the ASA intermittently. The ASA SNMP User/Group configuration is confusing.

StephanH
Valued Contributor III
Hello Pierre,

You have to configure the RADIUS attribute to send in the Switch context, and you can create a new attribute group.

[Image: ASA2 screenshot]

Regards Stephan

Pierre_Demassey
New Contributor II
I'm looking in the drop-down box for the 'RADIUS Attribute to Send' in the NAC. How do I set it to the Service Type you mentioned?