ACS 5.2/5.3 configuring packeteer attributes

maller
Level 1

Hello

We have found the following issue configuring RADIUS attributes for network access with Packeteer appliances.

With PAcketeer-AVPair attribute, value --> access=touch

Login fails and we see this

PacketShaper# radius login user password

"user" RADIUS Authentication Fail

Vendor-Specific: ccess=touch  <--- value is bad

Packeteer is not receiving the vendor-specific value correctly.

As a workaround, we put another character before the value -- xacces=touch

PacketShaper# radius login user password

"user" RADIUS Authentication OK

Vendor-Specific: access=touch

Has anybody found this issue?

Thanks

5 Replies

jrabinow
Level 7

I am not familiar with this specific vendor, but one thing to check is the settings for the following advanced fields as part of the VSA definition Advanced Settings:

Vendor Length Field Size:

Vendor Type Field Size:

Not sure at all if related, but worth checking.
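
The two field sizes named in the reply above control how the sub-attribute inside RADIUS attribute 26 is laid out. The following is an added example, not part of the original thread and not a confirmed diagnosis of this case: it shows that if the sender omits the Vendor-Length byte while a lenient receiver assumes the RFC 2865 layout, the first character of the string is consumed as the length. The vendor ID, the sub-attribute number and the receiver's leniency are assumptions.

```python
import struct

VENDOR_ID = 99999   # constructed placeholder, not the vendor's real enterprise number
VENDOR_TYPE = 1     # assumed sub-attribute number for the AVPair

def encode_vsa(vendor_id, vendor_type, value, type_size=1, length_size=1):
    """Build RADIUS attribute 26 using the given sub-field sizes (in bytes)."""
    data = value.encode("ascii")
    sub = vendor_type.to_bytes(type_size, "big")
    if length_size:
        # Vendor-Length counts the type field, the length field and the data.
        sub += (type_size + length_size + len(data)).to_bytes(length_size, "big")
    sub += data
    body = struct.pack("!I", vendor_id) + sub
    return bytes([26, 2 + len(body)]) + body

def lenient_decode(attr):
    """Receiver assuming 1-byte type and 1-byte length, taking the rest of the
    attribute as the string without checking Vendor-Length (assumed behaviour)."""
    if len(attr) < 8 or attr[0] != 26 or attr[1] != len(attr):
        raise ValueError("not a well-formed Vendor-Specific attribute")
    vendor_id = struct.unpack("!I", attr[2:6])[0]
    vendor_type, vendor_length = attr[6], attr[7]
    return vendor_id, vendor_type, vendor_length, attr[8:].decode("ascii")

def strict_decode(attr):
    """Same layout, but reject a Vendor-Length that disagrees with the bytes present."""
    vendor_id, vendor_type, vendor_length, value = lenient_decode(attr)
    if vendor_length != len(attr) - 6:
        raise ValueError(
            f"Vendor-Length {vendor_length} != {len(attr) - 6}: field sizes differ?")
    return vendor_id, vendor_type, value

def roundtrip(value, length_size):
    """String the lenient receiver sees for a given sender length-field size."""
    attr = encode_vsa(VENDOR_ID, VENDOR_TYPE, value, length_size=length_size)
    return lenient_decode(attr)[3]

if __name__ == "__main__":
    for size in (1, 0):
        for value in ("access=touch", "xaccess=touch"):
            print(f"length_size={size} sent={value!r} "
                  f"received={roundtrip(value, size)!r}")
```

A packet capture of the Access-Accept decoded the same way shows whether the byte after the vendor type is a plausible length or already the first character of the string.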

nkarthikeyan
Level 7

Hi Maller,

You have to configure settings for the Packeteer authentication to make it work with ACS 5.2/3 versions. But the Packeteer PS doesn't need much change in its configuration.

I have a document that is specific to ACS/PS configuration attributes. I will share the document with you so that you can cross-check against it. Send me your email ID so that I can share the PDF file.

Please do rate if the given information helps.

By

Karthik

Hi Maller,

Please refer to the document post below and cross-check whether anything is missing. I have posted it as a document.

https://supportforums.cisco.com/docs/DOC-27259

Please do rate if the given information helps.

By

Karthik

Thanks Karthik

I read your document earlier to configure AAA for Packeteer appliances and it was helpful. But the problem persists: as I wrote, the vendor attribute is not delivered correctly by ACS to the Packeteer.

If I configure the vendor attribute as access=touch, the Packeteer receives -> ccess=touch. Login failed.

Then I configure it with any character before the attribute, i.e. xaccess=touch, and the Packeteer receives --> access=touch. Login successful.

Hi Maller,

Send me the complete OS version you are using at both ends.

This seems to be a software bug.

I wonder how the first character of the attribute would get removed while retrieving. This is a strange case.

However, we are not facing such problems in our environment. Maybe you can check by upgrading the OS at both ends.

Also, did you check with Cisco TAC or VFM (PS)?

Let me come back if i have any further info on this.

Please do rate if the given information helps.

By

Karthik