11-13-2015 07:17 AM - edited 03-10-2019 11:14 PM
Steps
|
Even after loading the corresponding RADIUS Dictonaries on Nokia and 3GGP I still have the same error and the ISE does not do any kind of authentication. My AUTH Policy looks like this:
>Default> use "internal Users" and "if authentication failed“ => Continue
I have the corresponding user created, but I still cannot get any positive authentication. Here are the detailed steps:
Overview
|
Authentication Details
|
Other Attributes
|
Result
RadiusPacketType |
AccessReject |
AuthenticationResult |
Failed |
Is there any way to find out which RADIUS Attribute the ISE does not accept?
Maybe like this i can find out which dictonary still missing.
11-17-2015 05:47 AM
If you capture the traffic on the ISE and download to Wireshark it should be possible to find out.
GUI: Operations > Troubleshoot > Diagnostic tools > General Tools > TCP Dump
11-18-2015 08:43 AM
Thanks Mikael
with the TCP Dump I can see 3 attributes which should have a different value in the "other attributes" list.
which are
ATTRIBUTE 3GPP-MS-TimeZone 23 string à “@”
ATTRIBUTE 3GPP-Negotiated-DSCP 26 string à “1e”
ATTRIBUTE 3GPP-RAT-Type 21 string à “02”
11-17-2015 11:54 AM
Please disable suppression (right click on the record under RADIUS Livelog and select Bypass Suppression for 1 hour) and test again. There will be more specific errors provided.
11-18-2015 08:40 AM
Hello Kurmai
thank you for your answer, unfortunately there arn't more specific errors listed, although I enabled bypass suppression.
I have 3 attributes which won't show properly in the "other attributes". I changed the config to string, octet string and integer.
When I set the values to string, then the value in the other attributes list is:
ATTRIBUTE 3GPP-MS-TimeZone 23 string à “@”
ATTRIBUTE 3GPP-Negotiated-DSCP 26 string à “1e”
ATTRIBUTE 3GPP-RAT-Type 21 string à “02”
ATTRIBUTE 3GPP-MS-TimeZone 23 octet stringà “40:00”
ATTRIBUTE 3GPP-Negotiated-DSCP 26 octet string à “1e”
ATTRIBUTE 3GPP-RAT-Type 21 octet string à “02”
ATTRIBUTE 3GPP-MS-TimeZone 23 integer à “dosen't show in the attributes list”
ATTRIBUTE 3GPP-Negotiated-DSCP 26 integer à “dosen't show in the attributes list”
ATTRIBUTE 3GPP-RAT-Type 21 integer à “dosen't show in the attributes list”
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide