3725 RAS server ios12.2 asa radius to ACS5.1 question

demory1210
Level 1

I have a 3725 that was using TACACS for auth, but that is not working with our new ACS 5.1 server, so for simplicity I would like to switch to RADIUS. The authentications pass, but the dial-in user gets error 738 "didn't assign an address".

My auth on the 3725 is:

radius-server configure-nas
radius-server host 172.30.2.172 auth-port 1645 acct-port 1646
radius-server key ********
radius-server authorization permit missing Service-Type
aaa authentication ppp default group radius local-case
aaa authorization network default group radius
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius

Any ideas would be appreciated! Thanks

4 Replies

Nicolas Darchis
Cisco Employee

Hi,

I think the problem is in the attributes you are sending back from ACS, not with the 3725 config.

Are your clients relying on RADIUS-assigned IP addresses? Can you collect a debug radius to see what you are returning?

Nicolas

General OS:
  AAA Authentication debugging is on
  AAA Authorization debugging is on
  AAA Accounting debugging is on
PPP:
  PPP detailed event debugging is on
  PPP authentication debugging is on
  PPP protocol errors debugging is on
Radius protocol debugging is on
Radius protocol verbose debugging is on
Radius packet protocol debugging is on

I have turned on all the following debugging and nothing is printed to the console while dialing in. Is there a way that debugging is not sent to the console? Also, how do I associate an IP pool with my device in ACS 5.1? The new ACS software is rather confusing, I guess that's a given since it's a Cisco product.
thanks!

interface Group-Async1
 ip unnumbered FastEthernet0/0
 encapsulation ppp
 ip tcp header-compression
 no ip mroute-cache
 async mode interactive
 peer default ip address pool 172.30.3.0-172.30.3.150
 no keepalive
 no fair-queue
 ppp authentication pap
 group-range 65 88
!

peer default ip address pool RAS
I changed the above line to be a defined pool, to no avail. Don't know if this adds any new info.
thanks

peer default ip address pool 172.30.3.0-172.30.3.150

I changed this to

peer default ip address pool dhcp

and it works.

thanks