cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

376
Views
0
Helpful
2
Replies
Highlighted
Beginner

ACS 5.3 radius request - replies with username

I'm doing a migration from ACS 3.x to 5.3, which basically means to rebuild everything from scratch.

The authenication client is in this case an 2G/3G gprs/umts operator.

The real client is a cisco router with a 3G wic, dialing into the operators network with ppp/chap and dynamic (on the router dialer) ip address.

Talking aganst the old 3.x acs this works fine, but when switching over to the new acs 5.3 the router authenticates but can not build an ip link for some - so far unknown - reason.

I sniffed the radius communication and i notice that the reply from the acs3 is different from the acs 5.3 system.

acs 3 replies with av-pairs:

- framed-ip-address(8)

- class(25)

acs 5.3 replies with av-pairs:

- user-name(1)

- framed-ip-address(8)

- class(25)

Could this be the reason tham my remote router will not build ip connectivity over 3G with acs 5.3?

And if so - how do i remove the user-name av-pair?

Thanks,

2 REPLIES 2
Highlighted
Advocate

Hi,

Can you please give us some details on the client.

Tarik Admani
*Please rate helpful posts*

Tarik Admani
*Please rate helpful posts*
Highlighted

In the mean time i contacted the mobile operator, since that is the radius client that talks to our ACS.

The mobile device that dials into the mobile network has this configuration.

interface Cellular0/0/0

description *** vodafone mobile connect SIM card with APN ***

no ip address

ip virtual-reassembly

encapsulation ppp

load-interval 30

dialer in-band

dialer pool-member 1

async mode interactive

ppp ipcp dns request

!

!

!

interface Dialer1

description *** to UMTS network ***

bandwidth 300

ip address negotiated

ip virtual-reassembly

encapsulation ppp

dialer pool 1

dialer idle-timeout 0

dialer string -profile

dialer persistent

dialer-group 1

no cdp enable

ppp chap hostname

ppp chap password 7

ppp ipcp dns request