Ask the Expert

What parameters do I use to set up a Cisco ACS?

I have a lab set up with a Win2003 server domain called, a user called dot1xuser1 as a member of a group called dot1xusers. Cisco documentation for ACS is extremely unclear in demonstrating how to define the values required in the Generic LDAP schema section.

I have searched for two months and found that others have had similar issues. I cannot work out with any confidence the required values for the following: User Directory Subtree, Group Directory Subtree, User Object Type, User Object Class, Group Object Type, Group Object Class, Group Attribute Name. I have succeeded in getting the switch access experiment running with IAS RADIUS but NOT with Cisco ACS. Can you help me?


One of the documents that Cisco provides for configuring ACS is the "Step-by-Step Configuration for Cisco ACS." In this document, I was able to obtain the information relevant to the LDAP authentication parameters.

The documentation assumes that you have set up a generic LDAP server. In setting up the LDAP server in my lab, I have included the parameters I set up for each category and a little further explanation for how to set them up. It's important to note that in user configuration for Active Directory and/or any other generic LDAP server, these options are available for selection and are administrator-defined. They would not appear in generic local user and group server administration.

User Directory Subtree: Users
Group Directory Subtree: Users/homedir
User Object Type: ou=user
User Object Class: users
Group Object Type: Groups
Group Object Class: group
Group Attribute Name: MyName

By ensuring you have the appropriate equipment set up in your lab, this should mirror exactly with what the ACS guide is depicting.

This was first published in February 2007
