cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2389
Views
0
Helpful
1
Replies

Cisco Secure ACS 2.6 Returns too many RADIUS attributes

darren.foo
Level 1
Level 1

Hi all,

I'm trying to authenticate my Firewall-1 VPN users to Cisco Secure ACS 2.6. FW-1 ignores packets that have unnecessary attributes returned. I've turned off all attributes in the Interface Configuration screen but a snoop shows that the ACS box is still sending several attributes.

1 Reply 1

wdrootz
Level 4
Level 4

It is hard to say what CSNT is sending back in the way of attributes without debug (http://www.cisco.com/warp/public/480/9.html) or a sniffer trace. I think RFC 2138 addresses what is sent. If the FW1 ignores packets that have unnecessary attributes, I don't know why there is a need to turn off attributes.