beautypg.com

Cisco 3.3 User Manual

Page 761

background image

D-45

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Appendix D CSUtil Database Utility

Posture Validation Attributes

Example D-1

shows an example of a posture validation attribute definition,

including a comment after the attribute definition:

Example D-1

Example Attribute Definition

[attr#0]

vendor-id=9

vendor-name=Cisco

application-id=1

application-name=PA

attribute-id=00001

attribute-name=Application-Posture-Token

attribute-profile=out

attribute-type=unsigned integer

; attribute 1 is reserved for the APT

A posture validation attribute is uniquely defined by the combination of its vendor
ID, application ID, and attribute ID. The following list provides details of these
values and of each line required in an attribute definition:

[attr#n]—Attribute definition header, where n is a unique, sequential integer,
beginning with zero. CSUtil.exe uses the definition header to distinguish the
beginning of a new attribute definition. Each attribute definition must begin
with a line containing the definition header. The first attribute definition in
the file must have the header

[attr#0]

, the second attribute definition in a file

must have the header

[attr#1]

, and so on. A break in the numbering causes

CSUtil.exe to ignore attribute definitions at the break and beyond. For
example, if a file with 10 attribute definitions the fifth attribute is defined as

[attr#5]

instead of

[attr#4]

, CSUtil.exe ignores the attribute defined as

[attr#5]

and remaining five the attributes following it.

Tip

The value of n is irrelevant to any of the ID values in the attribute definition file.
For example, the 28th definition in a file must have the header

[attr#27]

, but this

does not limit or otherwise define valid values for vendor-id, application-id,
attribute-id. Neither does it limit or define the number of posture validation
attributes supported by Cisco Secure ACS.

vendor-id—An unsigned integer, the vendor number is of the vendor
associated with the posture validation attribute. The vendor number should be
the number assigned to the vendor in the

IANA Assigned Numbers RFC

. For

example, vendor ID 9 corresponds to Cisco Systems, Inc.