Importing Vendor Attribute Value Pairs

By default, ACS includes only Cisco-specific vendor attributes for NAC, which are used in the posture-validation process. If you have a partner application installed on the end hosts and you want to validate the state of that application (as in the current virus definition file), the vendor's Attribute Definition File (ADF) must be imported into ACS. The ADF contains multiple attribute/value pairs (AVPs) that define the attributes that ACS can query for posture compliance.

When this process is complete, you can include these attributes in the internal posture-validation rules to determine the overall security posture of the host. Complete these steps to add a NAC partner's ADF files to ACS.

Step 1 Obtain one or more ADFs from the NAC partner.

Step 2 Copy the ADFs to the following directory:

C:\Program Files\CiscoSecure ACS vX.X\bin

Step 3 From a DOS command prompt, change to the directory where you copied the ADFs and use the CSUtil.exe utility to import the ADFs. For example:

CSUtil.exe -addAVP filename.adf

Step 4 After adding all the ADFs to ACS, restart the ACS processes from System Configuration > Service Control.

NOTE For ACS appliances, AVPs are added through FTP from System Configuration > NAC Attributes Management.

Was this article helpful?

0 0

Post a comment