Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1392
Views
0
Helpful
8
Replies

ISDN Authorization with RADIUS using ISE 1.1.2

jain.nitin
Level 3
Level 3

‎11-20-2012 12:09 AM - edited ‎03-10-2019 07:48 PM

Hi,

I am trying to move my ISDN dialup branches authentication/authorization from old ACS 4.1 to ISE appliance. Before it was through ACS 4.2 with TACACS protocol but now since we are moving to ISE we are moving them to ISE with radius.

Problem is that isdn client gets authenticated and authorized but calls get dropped and they dont able to communicate with HO. IP address is assigned by Head End router to all remote isdn dialing branches..

I have used default "PermitAccess" in authorization policy and authentication policy is also default. I dont understand where I am going wrong as authentication and authorization is sucessful.

aaa authentication ppp default group radius local

aaa authentication network default group radius

aaa accounting network default start-stop group radius

radius-server host 12.18.22.41

radius-server key *****

below is the router configuration for AAA

can any one help in this

Labels:
0 Helpful
8 Replies 8

jan.nielsen
Level 7
Level 7

‎11-20-2012 11:47 AM

I'm guessing you need an aaa authorization command for ppp as well ? it's been quite a long time since i did any dialup so i am a bit rusty.

0 Helpful

jain.nitin
Level 3
Level 3
In response to jan.nielsen

‎11-20-2012 01:05 PM

Thanks for your reply Nielsen.... I have already put that command but it does not help.. below is the command which i have configured

aaa authorization network default group radius

0 Helpful

jan.nielsen
Level 7
Level 7
In response to jain.nitin

‎11-20-2012 01:11 PM

I was actually thinking there might be a command like :

aaa authorization ppp default group radius

0 Helpful

jain.nitin
Level 3
Level 3
In response to jan.nielsen

‎11-20-2012 01:16 PM

Actually I think there is no command like this...if you want to authorize ppp/slip/ARAP then authorization network command is used....

any other thing ? I dont know where to look for this ISE or Router ?? ISE logs showing authorization is successful but calls connect for 20 seconds and then disconnects.... no traffic flows....

0 Helpful

jain.nitin
Level 3
Level 3

‎12-04-2012 01:04 PM

any body who can help me on this..??

0 Helpful

jw.sl9
Level 1
Level 1
In response to jain.nitin

‎12-04-2012 01:16 PM

Do you have the CoA  configuration on your NAD?

aaa server radius dynamic-author

client server-key

I hope you find this information useful, if it was satisfactory for you, please mark the question as Answered. Please rate post you consider useful. -James
0 Helpful

jan.nielsen
Level 7
Level 7
In response to jw.sl9

‎12-04-2012 01:22 PM

CoA is not needed, nor supported for ISDN aaa, i used ACS 3.3 for this a long time ago. I think you should do some debugging if ise does not give you any errors.

try doing some debug aaa / debug radius & deb ppp nego  if your calls are authenticated and ip is assigned to the calling router, you should see some disconnect reason in the debug.

0 Helpful

jw.sl9
Level 1
Level 1
In response to jan.nielsen

‎12-04-2012 03:32 PM

Okay.  What you are seeing in the authentication detail report of the passed authentication: Authenticaiton Results section.  Does it contain the attributes you are expecting to be sent to the NAD?  How does it compare with what ACS 3.3 was sending?

I hope you find this information useful, if it was satisfactory for you, please mark the question as Answered. Please rate post you consider useful. -James
0 Helpful
Customers Also Viewed These Support Documents