06-05-2010 06:27 AM - edited 03-15-2019 11:06 PM
Hi to all,
I have one issue, the customer need to configure the radius in the voice gateway (router 2821) and enter the following command,
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa session-id common
dot1x system-auth-control
radius-server host xxx.xxx.xxx.xxx auth-port 1812 acct-port1812 key xxxxx
so i try to login its give authentication fail. no local username & password in router and i can't login to my voice gateway.
and i need to assgin this radius to cisco call manager 7.1.3 if possible.
ples i need support in this issue.
thanks
06-05-2010 07:03 AM
As for the gateway, you would need to work with the customer on how you can resolve your logon issues. Something may be misconfigured or your account is not permitted to logon/manage the voice gateway in ACS or whatever backend Radius system they are using. Can anyone logon to the box? Check the Radius server. Worst case: if you have a fallback to local then you can pull network interfaces or apply ACLs up stream to block radius traffic, and then logon using the local credentials (via the console). Once you get into the system, you may want to create a local account on the system and then test VTY connections via radius before disconnecting/logging out of the console.
Now, as far as CUCM is concerned, there is no support for Radius or Tacacs. You can authenticate users locally OR you can authenticate users against an LDAP backend. Keep in mind that Radius also needs a set of credentials to authenticate a user. Your customer may already be using a backend LDAP (like Microsoft AD) as the credential store. If so, then technically if you had CUCM authenticating against LDAP and Radius authenticating against LDAP, then that should be acceptable. Now, as far as authorization and account controls are concerned, that is a different matter.
CUCM ONLY uses local authorization controls. These are facilitated via local groups and roles. It is pretty granular. For accounting, in 7.1(2) and later there is an audit logging feature that is available. It is improved in 7.1(5).
HTH.
Regards,
Bill
Please remember to rate helpful posts.
Please remember to rate helpful responses and identify
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide