I am configuring some of my devices to use CHAP when their backup ISDN interface dials out to the 7200 concentrator node. I want the CHAP requests to hit our ACS 5.2 appliances and be authenticated via this method. I have built a rule for 'Default network access' which specifies these devices only; however, when I bring up the ISDN call the process fails. When I look at the logs it doesn't give an error reason but it does say that it failed on one of the rules in the 'default device admin' rule set.
I even went to the bother of specifying a single IP address of one of the ISDN backup devices but the result is always the same.
Does anyone have any guidance as to what I'm doing wrong here? Any help would be appreciated.
Is the device properly configured to use RADIUS for the ISDN calls? If the ACS is complaining that it hit a 'default device admin' rule then the request is getting to the server on TACACS+. Please check the default settings for Access Service Selection Rules:
As you can see, we will get assigned to the Default Device Admin only if the request comes over TACACS+. Please verify that the request is getting to the server as RADIUS for it to hit Default Network Access instead.
Thanks for your reply. My initial message was posted in haste so I didn't get time to include more information. I neglected to mention that this process is working on our ACS 3.3 with the current configuration. When I point the 7200 concentrator and the client device at the new 5.2 ACS the CHAP fails for the reasons mentioned above. Are there any configuration changes that need to be added to facilitate CHAP authentication on the newer ACS appliances?
P.S. I have attached a doc outlining the Dialer and ACS config on both Client and concentrator. I have changed addresses from their original for security purposes.