cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3856
Views
5
Helpful
4
Replies

ACS 5.2 RADIUS for Device Admin

ragaripo
Level 1
Level 1

Hi team,

We have ACS 5.2.0.26 installed and objects were migrated from ACS 4.2

I have configured device admin access using for some devices RADIUS, for other TACACS+.

For TACACS+ device admin works fine, but for RADIUS I've got strange error:

RADIUS Request dropped : 11033 Selected Service type is not Network Access

STEPS:

11001  Received RADIUS Access-Request
11017  RADIUS created a new session
Evaluating Service Selection Policy
15004  Matched rule
15012  Selected Access Service - Admin Access
11033  Selected Service type is not Network Access

Cisco-AVPairs:
Other Attributes:
ACSVersion=acs-5.2.0.26-B.3075
ConfigVersionId=8
Device Port=1645
RadiusPacketType=AccessRequest
Protocol=Radius
Service-Type=Login
Device IP Address=1.150.90.190

Any ideas?

Best regards,

Rafis

1 Accepted Solution

Accepted Solutions

Jatin Katyal
Cisco Employee
Cisco Employee

We can not  use device administration policy for radius in ACS 5.


For ‘Administration of device via radIus’ you need to use Network Access service.


RADIUS >>>> Network Access service in ACS 5.1. Please switch the service selection rule to network access.

This is a bit misleading so don't be surprized:)


Rgds, Jatin


Do rate helpful posts-

~Jatin

View solution in original post

4 Replies 4

ragaripo
Level 1
Level 1

I found solution:

We need to change:

RADIUS-IETF:Service-Type match Login

To:

RADIUS-IETF:Service-Type match Administrative

Yeah, I also had this issue... It´s actually pretty easy to solve!

For ‘Administration of device via radIus’ you need to use Network Access service.

Go to

Access Policies >Access  Services >Service Selection Rules


Check your RADIUS rule. You should have Network Access as the Service Type. Note that this cannot be modified, so delete the existing rule and create a new one with the same Identity and Authorization config.

Thats it, works as a charm

Jatin Katyal
Cisco Employee
Cisco Employee

We can not  use device administration policy for radius in ACS 5.


For ‘Administration of device via radIus’ you need to use Network Access service.


RADIUS >>>> Network Access service in ACS 5.1. Please switch the service selection rule to network access.

This is a bit misleading so don't be surprized:)


Rgds, Jatin


Do rate helpful posts-

~Jatin

Yes it confusing...

So I did additional policy for network access for RADIUS with custom attributes and now it is working