D-29
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Appendix D CSUtil Database Utility
User-Defined RADIUS Vendors and VSA Sets
About User-Defined RADIUS Vendors and VSA Sets
In addition to supporting a set of predefined RADIUS vendors and
vendor-specific attributes (VSAs), Cisco Secure ACS supports RADIUS vendors
and VSAs that you define. We recommend that you use RDBMS Synchronization
to add and configure custom RADIUS vendors; however, you can use CSUtil.exe
to accomplish the same custom RADIUS vendor and VSA configurations that you
can accomplish using RDBMS Synchronization. Custom RADIUS vendor and
VSA configuration created by either of these two features—RDBMS
Synchronization or CSUtil.exe—can be modified by the other feature. Choosing
one feature for configuring custom RADIUS vendors and VSAs does not preclude
using the other feature. For more information about RDMBS Synchronization, see
RDBMS Synchronization, page 9-25.
Vendors you add must be IETF-compliant; therefore, all VSAs that you add must
be sub-attributes of IETF RADIUS attribute number 26. You can define up to ten
custom RADIUS vendors, numbered 0 (zero) through 9. CSUtil.exe allows only
one instance of any given vendor, as defined by the unique vendor IETF ID
number and by the vendor name.
Note If you intend to replicate user-defined RADIUS vendor and VSA configurations,
user-defined RADIUS vendor and VSA definitions to be replicated must be
identical on the primary and secondary Cisco Secure ACSes, including the
RADIUS vendor slots that the user-defined RADIUS vendors occupy. For more
information about database replication, see CiscoSecure Database Replication,
page 9-1.
Adding a Custom RADIUS Vendor and VSA Set
You can use the -addUDV option to add up to ten custom RADIUS vendors and
VSA sets to Cisco Secure ACS. Each RADIUS vendor and VSA set is added to
one of ten possible user-defined RADIUS vendor slots.
Note While CSUtil.exe adds a custom RADIUS vendor and VSA set to Cisco Secure
ACS, all Cisco Secure ACS services are automatically stopped and restarted. No
users are authenticated during this process.