01-10-2013 07:20 AM - edited 03-10-2019 07:57 PM
I'm doing a migration from ACS 3.x to 5.3, which basically means to rebuild everything from scratch.
The authenication client is in this case an 2G/3G gprs/umts operator.
The real client is a cisco router with a 3G wic, dialing into the operators network with ppp/chap and dynamic (on the router dialer) ip address.
Talking aganst the old 3.x acs this works fine, but when switching over to the new acs 5.3 the router authenticates but can not build an ip link for some - so far unknown - reason.
I sniffed the radius communication and i notice that the reply from the acs3 is different from the acs 5.3 system.
acs 3 replies with av-pairs:
- framed-ip-address(8)
- class(25)
acs 5.3 replies with av-pairs:
- user-name(1)
- framed-ip-address(8)
- class(25)
Could this be the reason tham my remote router will not build ip connectivity over 3G with acs 5.3?
And if so - how do i remove the user-name av-pair?
Thanks,
01-10-2013 07:07 PM
Hi,
Can you please give us some details on the client.
Tarik Admani
*Please rate helpful posts*
01-11-2013 02:04 AM
In the mean time i contacted the mobile operator, since that is the radius client that talks to our ACS.
The mobile device that dials into the mobile network has this configuration.
interface Cellular0/0/0
description *** vodafone mobile connect SIM card with APN
no ip address
ip virtual-reassembly
encapsulation ppp
load-interval 30
dialer in-band
dialer pool-member 1
async mode interactive
ppp ipcp dns request
!
!
!
interface Dialer1
description *** to UMTS network ***
bandwidth 300
ip address negotiated
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer idle-timeout 0
dialer string
dialer persistent
dialer-group 1
no cdp enable
ppp chap hostname
ppp chap password 7
ppp ipcp dns request
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: