What parameters do I use to set up a Cisco ACS?

Learn about the required values to set up an ACS from network administration expert Lindi Horton.

I have a lab set up with a Win2003 server domain called dot1xdom.com, a user called dot1xuser1 as a member of a group called dot1xusers. Cisco documentation for ACS is extremely unclear in demonstrating how to define the values required in the Generic LDAP schema section.

I have searched for two months and found that others have had similar issues. I cannot work out with any confidence the required values for the following: User Directory Subtree, Group Directory Subtree, User Object Type, User Object Class, Group Object Type, Group Object Class, Group Attribute Name. I have succeeded in getting the switch access experiment running with IAS RADIUS but NOT with Cisco ACS. Can you help me?

One of the documents that Cisco provides for configuring ACS is the "Step-by-Step Configuration for Cisco ACS." In this document, I was able to obtain the information relevant to the parameters for LDAP authentication parameters.

The documentation assumes that you have set up a generic LDAP server. In setting up the LDAP server in my lab, I have included the parameters I set up for each category and a little further explanation for how to set them up. It's important to note that in user configuration for Active Directory and/or any other generic LDAP server, these options are available for selection and administrator-defined. They would not appear in generic local user and group server administration.

User Directory Subtree: Users
Group Directory Subtree: Users/homedir
User Object Type: ou=user
User Object Class: users
Group Object Type: Groups
Group Object Class: group
Group Attribute Name: MyName

By ensuring you have the appropriate equipment set up in your lab, this should mirror exactly what the ACS guide is depicting.

This was last published in February 2007

