cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
539
Views
0
Helpful
2
Replies

Deploying ISE with TACACS, PPP and ISDN

cgrodde
Level 1
Level 1

Hi,

i am currently struggling with the migration of a ACS/TACACS based ISDN dial in solution to ISE 2.3.

My problem is finding the missing bits under ISE. And if it's generally supported or works at all.

I have configured a couple of Cisco AV-pairs e.g. protocol=lcp,ip,multilink....debug tacacs shows me that the attributes are accepted by the router, but for some reason the router is disconnecting the ppp session:-(

 

Is there anyone who has a running setup with ISE & TACACS & PPP/CHAP & ISDN?

I would be very thankful for documentation hints or any experience for such a setup!

 

Thanks

Christian

2 Replies 2

Arne Bier
VIP
VIP

I have not used TACACS with PPP ... but if the ACS system is still around, have you considered capturing a tcpdump on the ACS server CLI and then analyzing (comparing) it with the ISE tcpdump that is failing?  Sometimes having a side by side comparison may be helpful. 

If the TACACS return traffic to the NAS is identical, then it could be some lingering ACS config on the NAS that needs to change (or be brought in line for ISE IP address etc.).  E.g. using a RADIUS analogy,  it's easy to overlook changing the CoA IP address on the NAS ... :-p and then wonder why the new Radius server doesn't do what the old one did.

hslai
Cisco Employee
Cisco Employee

Adding to Arne Bier's ...

What really needed is to debug on the network device, the one providing the ISDN dial-in, itself and see why it disconnecting the session. You would probably need to contact the vendor or the platform support for that network device.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: