ACS 5.3 radius request - replies with username

joopv · ‎01-10-2013

I'm doing a migration from ACS 3.x to 5.3, which basically means to rebuild everything from scratch.

The authenication client is in this case an 2G/3G gprs/umts operator.

The real client is a cisco router with a 3G wic, dialing into the operators network with ppp/chap and dynamic (on the router dialer) ip address.

Talking aganst the old 3.x acs this works fine, but when switching over to the new acs 5.3 the router authenticates but can not build an ip link for some - so far unknown - reason.

I sniffed the radius communication and i notice that the reply from the acs3 is different from the acs 5.3 system.

acs 3 replies with av-pairs:

- framed-ip-address(8)

- class(25)

acs 5.3 replies with av-pairs:

- user-name(1)

- framed-ip-address(8)

- class(25)

Could this be the reason tham my remote router will not build ip connectivity over 3G with acs 5.3?

And if so - how do i remove the user-name av-pair?

Thanks,

Tarik Admani · ‎01-10-2013

Hi,

Can you please give us some details on the client.

Tarik Admani
*Please rate helpful posts*

joopv · ‎01-11-2013

In the mean time i contacted the mobile operator, since that is the radius client that talks to our ACS.

The mobile device that dials into the mobile network has this configuration.

interface Cellular0/0/0

description *** vodafone mobile connect SIM card with APN ***

no ip address

ip virtual-reassembly

encapsulation ppp

load-interval 30

dialer in-band

dialer pool-member 1

async mode interactive

ppp ipcp dns request

!

interface Dialer1

description *** to UMTS network ***

bandwidth 300

ip address negotiated

ip virtual-reassembly

encapsulation ppp

dialer pool 1

dialer idle-timeout 0

dialer string -profile

dialer persistent

dialer-group 1

no cdp enable

ppp chap hostname

ppp chap password 7

ppp ipcp dns request