ACS v5.3 and Nortel Network

juan.zarate
Level 1

Hello,

I have an Avaya (Nortel) device (VSP9012), and I can't get it to work with the Radius version 5.3.

In ACS v4.2 it worked well, although it is true that it took me a long time to get it working, because Nortel devices require special attributes for operation with the Radius.

The Radius server accepts the authentication request (I can see it both in the Radius server and in the device), but it does not let me access the device. I think that the problem is in some privilege attribute, but I cannot find where or which.

This is what I have added:

ID: 192 VALUE Access-Priority Read-Write-All-Access 6

Many Thanks

A greeting

7 Replies

Jatin Katyal
Cisco Employee

I was going through this link and found the attribute listed below.

http://www.opensource.apple.com/source/freeradius/freeradius-36/freeradius/share/dictionary.bay

# Passport 8000 Series Specific Attributes
#
ATTRIBUTE    Passport-Access-Priority        192    integer
VALUE    Passport-Access-Priority    None-Access        0
VALUE    Passport-Access-Priority    Read-Only-Access    1
VALUE    Passport-Access-Priority    L1-Read-Write-Access    2
VALUE    Passport-Access-Priority    L2-Read-Write-Access    3
VALUE    Passport-Access-Priority    L3-Read-Write-Access    4
VALUE    Passport-Access-Priority    Read-Write-Access    5
VALUE    Passport-Access-Priority    Read-Write-All-Access    6

Could you please provide the screenshots from ACS > policy elements > network authorization where you added this attribute, along with the access-policies > Default network access > authorization rule where you selected it in a rule?

Also, is your radius authorization getting passed in the ACS logging?

Jatin Katyal
- Do rate helpful posts -

~Jatin

Hello Jatin,

Yes. I saw this page too.

I attached the screens that you asked for.

And yes. The authorization passes in the ACS and in the device. But I can't access it.

You can see the statistics of the device:

   Radius Server(UsedBy) : X.X.X.X(cli)
--------------------------------------------------------
         Access Requests : 15
          Access Accepts : 15
          Access Rejects : 0
           Bad Responses : 0
          Client Retries : 10
        Pending Requests : -1
        Acct On Requests : 0
       Acct Off Requests : 0
     Acct Start Requests : 0
      Acct Stop Requests : 0
   Acct Interim Requests : 0
      Acct Bad Responses : 0
   Acct Pending Requests : 0
     Acct Client Retries : 0
       Access Challanges : 0
         Round-trip Time :
          Nas Ip Address : X.X.X.X

Thanks

"Passport-Access-Priority" is an Integer type attribute, therefore it should be configured with an integer between 0 and 6 as the value and not a String. Please change the attribute type to Integer for value 6 and try again.

Jatin Katyal
- Do rate helpful posts -

~Jatin
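
The type mismatch described in the reply above, shown at the byte level as an added example (not code from the thread, Cisco or Avaya). It assumes the bare RFC 2865 type-length-value layout with no vendor-specific wrapping, and `decode_access_priority` is a hypothetical strict decoder, not the VSP's actual parser.

```python
import struct

# Value names copied from the dictionary excerpt quoted in the thread.
ACCESS_PRIORITY = {
    0: "None-Access",
    1: "Read-Only-Access",
    2: "L1-Read-Write-Access",
    3: "L2-Read-Write-Access",
    4: "L3-Read-Write-Access",
    5: "Read-Write-Access",
    6: "Read-Write-All-Access",
}
ATTR_ID = 192  # Passport-Access-Priority


def encode_tlv(attr_type: int, value: bytes) -> bytes:
    """RFC 2865 attribute: 1-byte type, 1-byte length (header included), value."""
    if not 1 <= len(value) <= 253:
        raise ValueError("attribute value must be 1..253 bytes")
    return bytes([attr_type, len(value) + 2]) + value


def encode_integer(attr_type: int, number: int) -> bytes:
    """'integer' type: 32-bit unsigned, most significant octet first."""
    return encode_tlv(attr_type, struct.pack("!I", number))


def encode_string(attr_type: int, text: str) -> bytes:
    """'string' type: the raw characters, no fixed width."""
    return encode_tlv(attr_type, text.encode("ascii"))


def decode_access_priority(attr: bytes):
    """Hypothetical strict client-side decoder: returns the level name, or
    None when the attribute is not a well-formed 4-byte integer in 0..6."""
    if len(attr) < 2 or attr[0] != ATTR_ID or attr[1] != len(attr):
        return None
    if len(attr) != 6:  # 2-byte header + 4-byte integer
        return None
    (number,) = struct.unpack("!I", attr[2:])
    return ACCESS_PRIORITY.get(number)


if __name__ == "__main__":
    samples = [encode_integer(ATTR_ID, 6), encode_string(ATTR_ID, "6"),
               encode_string(ATTR_ID, "Read-Write-All-Access")]
    for attr in samples:
        print(attr.hex(), "->", decode_access_priority(attr))
```

Comparing the hex of the same attribute in a packet capture of the Access-Accept shows at a glance which of the two encodings the server is sending.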

What type of Integer?

Integer 32
Integer 64
Unsigned Integer 32
Unsigned Integer 64

I understand that maybe "Unsigned Integer 32", because these are the options when I try to edit the attribute type:

String
IPv4
Unsigned Integer 32
Hex string
Enumeration

Although I can create a new attribute with the type that you tell me.

Thanks again for your quick reply.

It should be Unsigned Integer 32, but I am also wondering why we need that, since we have already selected Read-Write-All-Access.

Try this only and delete the first one.

Jatin Katyal
- Do rate helpful posts -

~Jatin

Hi Jatin,

It works successfully.

If I put only the Access-User-Level attribute, it doesn't work. But if I put the ID 192 attribute in Integer format, it works OK.

Thanks for your time. You have been a big help.

Glad. Have a good one!!!

Jatin Katyal
- Do rate helpful posts -

~Jatin