KB.15.15

6. Right click and then select New > key. Add the vendor Id number that you

determined in step 4 (100 in the example).

7. Restart all Cisco services.

8. The newly created HP RADIUS VSA appears only when you configure an AAA

client (NAS) to use the HP VSA RADIUS attributes. Select Network Configuration

and add (or modify) an AAA entry. In the Authenticate Using field choose

RADIUS(HP) as an option for the type of security control protocol.

9. Select Submit + Restart to effect the change. The HP RADIUS VSA

attributes will appear in Cisco ACS configurations, for example, "Interface

Configuration", "Group Setup", "User Setup".

Example 5 To enable the processing of the HP-Command-String VSA for RADIUS accounting:

Below are the procedures for processing the HP-Command-String VSA.

1. Select System Configuration.

2. Select Logging.

3. Select CSV RADIUS Accounting. In the Select Columns to Log section, add the

HP-Command-String attribute to the Logged Attributes list.

4. Select Submit.

5. Select Network Configuration. In the AAA Clients section, select an entry in the AAA Client

Hostname column. You will go to the AAA Client Setup screen.

6. Check the box for Log Update/Watchdog Packets from this AAA Client.

7. Click Submit + Restart. You should be able to see the HP-Command-String attribute in the

RADIUS accounting reports.

8. Enter the commands you wish to allow or deny with the special characters used in standard

regular expressions (c, ., \, list], ^list], *, ^, $). Commands must be between 1-249 characters

in length.

156 RADIUS Authentication, Authorization, and Accounting