Adding AAA servers to ACS to use Proxy RADIUS distribution Table

Gustavo Novais
Level 1

Hello,

I've added two non-ACS RADIUS servers (Radiator) to the AAA servers in Network Config, in order to use them in a proxy distribution table.

I had problems authenticating users through those servers and I did a sniffer trace on the outside interface of the ACS.

What I saw is that ACS sends packets to the AAA server configured as RADIUS on port 1645, not 1812, the expected standard and the port on which the other servers are listening. How can I change this behaviour?

Thanks

Gustavo

2 Replies

gfullage
Cisco Employee

ACS by default will listen on both ports 1645 and 1812, the two "standard" Radius ports. However, when talking to a proxy server it will only send them on 1645, by default. To change this you have to go into the registry and change it as follows:

Under [HKEY_LOCAL_MACHINE\SOFTWARE\Cisco\CiscoAAAv3.x\Hosts\\RADIUS] (where is the server you want to send the 1812 requests to, and note that you may have to add the RADIUS key if it isn't there already), you can add the following:

"authPort"=dword:0000066d <<---- 1645

"acctPort"=dword:0000066e <<---- 1646

"timeout"=dword:00000001

"single connection"=dword:00000000

"strip users"=dword:00000000

You don't need all of them, you can just change the authPort to 1812 (714 in hex) and acctPort to 1813 (0x715) and you should be good to go. Make sure you reboot the server after making the registry changes. Keys are case-sensitive too so make sure you type them in EXACTLY as I've shown above.

Hello, thank you for your fast response.

My problem is that I have an ACS Solution Engine! not an ACS for Windows :((

If you know a similar solution for ACS_SE, I would be most grateful!

Thank you

Gustavo