Default network access and CHAP

ciaranjmurphy
Level 1

Hi folks,

I am configuring some of my devices to use CHAP when their backup ISDN interface dials out to the 7200 concentrator node. I want the CHAP requests to hit our ACS 5.2 appliances and be authenticated via this method. I have built a rule for 'Default network access' which specifies these devices only; however, when I bring up the ISDN call the process fails. When I look at the logs it doesn't give an error reason, but it does say that it failed on one of the rules in the 'default device admin' rule set.

I even went to the bother of specifying a single IP address of one of the ISDN backup devices but the result is always the same.

Does anyone have any guidance as to what I'm doing wrong here? Any help would be appreciated.

Kind Regards

Ciaran

3 Replies

camejia
Level 3

Hello Ciaran,

Is the device properly configured to use RADIUS for the ISDN calls? If the ACS is complaining that it hit a 'default device admin' rule then the request is getting to the server on TACACS+. Please check the default settings for Access Service Selection Rules:

As you can see, we will get assigned to the Default Device Admin only if the request comes over TACACS+. Please verify that the request is getting to the server as RADIUS for it to hit Default Network Access instead.

If this was helpful please rate.

Regards.

Hi Carlos,

Thanks for your reply. My initial message was posted in haste so I didn't get time to include more information. I neglected to mention that this process is working on our ACS 3.3 with the current configuration. When I point the 7200 concentrator and the client device at the new 5.2 ACS the CHAP fails for the reasons mentioned above. Are there any configuration changes that need to be added to facilitate CHAP authentication on the newer ACS appliances?

Regards

Ciaran

P.S. I have attached a doc outlining the Dialer and ACS config on both Client and concentrator. I have changed addresses from their original for security purposes.

ciaranjmurphy
Level 1

Folks,

What I was seeing was the result of a bug, CSCth30275, the solution to which is to upgrade to 5.3 patch 1.
