This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
I am having difficulty getting radius authentication to work with our Ciena 6500 optical chassis. Trying to do Radius with PAP. I have policy sets defined with TACACs and Radius. Tacacs works fine. I have a single policy that is suppossed to match network access protocol radius and from their authorize based on user and group, however I can't seem to get any hits on the policy. The radius live logs indicate it is hitting default which doesn't permit PAP. However the hit counters don't increment for the default catch all rule either at the bottom so I am not sure what I am hitting. If I can get the requests to hit the policy I created I think I should be good. The only condition for the policy is Network Access Protocol Radius. Is there something else I need to do to make this work? Or is there something else I may need to consider given they are not Cisco devices?
We currently have the Ciena devices successfully doing Radius Auth via Windows Network Policy Server without issue.
Solved! Go to Solution.
Attached policy screenshot. Note that the last two rules have shown 0 and 5 hits for weeks, so neither rule is getting hit. Also, the default device admin allowed protocols profile has pap radius allowed. Also below is the detailed auth report.
Yes! Thanks that was my problem. Didn't realize they were separate. I am now hitting the policy. Now I need to tshoot authorization as I am not getting full admin rights in the Ciena GUI.
IF the default authentication policy does not include PAP, then you will either need to add it to the default or create a new authentication rule that does.
Note that authentication & authorization policy hits are not updated real-time. ISE updates the hit counters every 10 minutes or so. Use Livelog error messages to understand what rules are being hit and why.