Configuring Cisco ACS » History » Version 1
Luke Murphey, 11/29/2016 08:12 PM
h1. Configuring Cisco ACS

h2. Add the Splunk server to your Network Resources:

Network Resources > Network Device Groups > Network Devices and AAA Clients. Click on the "Create" button. Fill in the "Name" and "Description" fields. We use Location to logically group devices; Device Type is also an option. Define the IP address(es) in "Single IP Address" or "IP Subnets". Tick the RADIUS checkbox and fill in the "Shared Secret" field with the key that will be used for authentication.

h2. Defining roles (to use RADIUS to assign roles):

If you intend to use roles, set the VSA (Vendor Specific Attributes) properly (skip the next two paragraphs if you don't need roles).

System Administration > Configuration > Dictionaries > Protocols > RADIUS > RADIUS VSA (click on the name to get the listing and the "Create" button). Click on "Create". Set "Name" to "Splunk" and "Vendor ID" to "27389". Click on "Submit" to save. Click on "Splunk" in the list in the left panel (below RADIUS VSA). In the Splunk VSA, click on "Create". Set "Attribute" to "SplunkRole", set "Vendor Attribute ID" to 1, and set "Attribute Type" to "String".

h3. Define an Authorization Profile:

Policy Elements > Authorization and Permissions > Network Access > Authorization Profiles. Click on the "Create" button. Define "Name" and "Description". Create an entry for each role you require. In the RADIUS Attributes tab, set "Dictionary Type" to "RADIUS-Splunk". Select the RADIUS Attribute (click on the "Select" button), choose "SplunkRole" from the list and click "OK". Set a "Static Attribute Value". Click on the "Add" button to add the attribute to the list (*IMPORTANT!! EASILY OVERLOOKED*). Click on "Submit" to save the Authorization Profile.

h2. Set Access Policy:

Access Policies > Access Services. Click on the title "Access Services". Click on the "Create" button. Set "Name" to "Splunk". Create a new "User Selected Service Type" based on "Network Access". Leave the default options. Select the following protocols (not tested with fewer): Process Host Lookup, Allow PAP/ASCII, Allow CHAP, Allow MS-CHAPv1, Allow MS-CHAPv2.

Click on "Service Selection Rules" and click on the "Create" button. Set "Name" to "Splunk". Set the "Protocol" to RADIUS and set NDG:Location to "All Locations:Whichever group you assigned". Select "Splunk" as the Result. Customize the Service Selection Policy if needed by clicking on the "Customize" button in the lower right corner.

From the Access Services list, expand the Splunk policy and open "Identity". Select the Identity Source; typically set it to Internal Users. Open "Authorization". Click on the "Create" button. For the conditions, select the proper Identity Group. We have "Internal Users:UserIdentityGroup in All Groups:Administrator Users". In the Results, set the Authorization Profile to "Splunk Admin" or "Splunk User" to define the proper profile.
Save the changes by clicking on "Save Changes".

In Splunk, set the RADIUS Server/Password/Secret to the RADIUS shared secret you configured earlier. You can use "Splunk" as the identifier. Use the correct Attribute ID and Vendor Code (1 and 27389 respectively).
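The Vendor ID (27389) and Vendor Attribute ID (1) configured above end up on the wire as a RADIUS Vendor-Specific attribute (type 26) inside the Access-Accept that ACS returns. The following Python is an added example, not code from this page or from the Splunk RADIUS app, showing how that attribute is encoded and how a receiver would pull the SplunkRole string back out while ignoring other vendors' VSAs and rejecting malformed lengths. The role value "admin", the Reply-Message and the Cisco (vendor 9) attribute in the sample Access-Accept are constructed for the example; the page does not say how a value containing several roles should be formatted, so the example carries a single role string.

```python
"""Encode and decode the SplunkRole RADIUS vendor-specific attribute (VSA).

Added example; assumes the dictionary values from the ACS setup above:
Vendor ID 27389, Vendor Attribute ID 1 ("SplunkRole"), attribute type String.
"""
import struct

VENDOR_SPECIFIC = 26          # RADIUS attribute type for VSAs (RFC 2865 section 5.26)
SPLUNK_VENDOR_ID = 27389      # Vendor ID created in the ACS RADIUS VSA dictionary
SPLUNK_ROLE_ATTR = 1          # Vendor Attribute ID of "SplunkRole" (type String)
# A RADIUS attribute is at most 255 bytes; Type, Length, Vendor-Id (4), Vendor-type
# and Vendor-length take 8 of them, so the string value can be at most 247 bytes.
MAX_VSA_VALUE_LEN = 255 - 8


def encode_splunk_role(role: str) -> bytes:
    """Return one RADIUS Vendor-Specific attribute carrying SplunkRole=<role>."""
    value = role.encode("utf-8")
    if not value or len(value) > MAX_VSA_VALUE_LEN:
        raise ValueError("SplunkRole value must be 1..%d bytes" % MAX_VSA_VALUE_LEN)
    # Vendor-specific payload: Vendor-type, Vendor-length (includes these 2 bytes), value.
    vendor_data = struct.pack("!BB", SPLUNK_ROLE_ATTR, 2 + len(value)) + value
    body = struct.pack("!I", SPLUNK_VENDOR_ID) + vendor_data
    return struct.pack("!BB", VENDOR_SPECIFIC, 2 + len(body)) + body


def iter_attributes(blob: bytes):
    """Yield (type, value) pairs from a RADIUS attribute list, rejecting bad lengths."""
    pos = 0
    while pos < len(blob):
        if len(blob) - pos < 2:
            raise ValueError("truncated attribute header at offset %d" % pos)
        atype, alen = blob[pos], blob[pos + 1]
        if alen < 2 or pos + alen > len(blob):
            raise ValueError("invalid attribute length %d at offset %d" % (alen, pos))
        yield atype, blob[pos + 2:pos + alen]
        pos += alen


def decode_splunk_role(blob: bytes):
    """Return the SplunkRole string from an attribute list, or None if absent.

    VSAs from other vendors and other Splunk sub-attributes are ignored; a
    malformed attribute list raises ValueError rather than guessing.
    """
    for atype, value in iter_attributes(blob):
        # Need at least Vendor-Id (4) plus one sub-attribute header (2).
        if atype != VENDOR_SPECIFIC or len(value) < 6:
            continue
        vendor_id = struct.unpack("!I", value[:4])[0]
        if vendor_id != SPLUNK_VENDOR_ID:
            continue
        # Vendor-specific sub-attributes use the same 1-byte type/length TLV layout.
        for sub_type, sub_value in iter_attributes(value[4:]):
            if sub_type == SPLUNK_ROLE_ATTR:
                return sub_value.decode("utf-8")
    return None


def sample_access_accept_attributes(role: str) -> bytes:
    """Constructed Access-Accept attribute list for the setup on this page.

    Holds a Reply-Message (18), a Cisco VSA (vendor 9) that a Splunk receiver
    must skip, and finally the Splunk VSA produced by encode_splunk_role().
    """
    reply = b"Welcome"
    reply_msg = struct.pack("!BB", 18, 2 + len(reply)) + reply
    cisco_av = b"shell:priv-lvl=15"
    cisco_body = struct.pack("!I", 9) + struct.pack("!BB", 1, 2 + len(cisco_av)) + cisco_av
    cisco_vsa = struct.pack("!BB", VENDOR_SPECIFIC, 2 + len(cisco_body)) + cisco_body
    return reply_msg + cisco_vsa + encode_splunk_role(role)


if __name__ == "__main__":
    packet_attrs = sample_access_accept_attributes("admin")
    print("Splunk VSA bytes:", encode_splunk_role("admin").hex())
    print("Decoded SplunkRole:", decode_splunk_role(packet_attrs))
```

Running the module prints the raw VSA (type 0x1a, vendor 0x00006afd, sub-attribute 1) followed by the decoded role; the length checks in iter_attributes are what keep a truncated or oversized attribute from being read past the end of the buffer.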