ISDN Authorization with RADIUS using ISE 1.1.2
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-20-2012 12:09 AM - edited 03-10-2019 07:48 PM
Hi,
I am trying to move my ISDN dialup branches authentication/authorization from old ACS 4.1 to ISE appliance. Before it was through ACS 4.2 with TACACS protocol but now since we are moving to ISE we are moving them to ISE with radius.
Problem is that isdn client gets authenticated and authorized but calls get dropped and they dont able to communicate with HO. IP address is assigned by Head End router to all remote isdn dialing branches..
I have used default "PermitAccess" in authorization policy and authentication policy is also default. I dont understand where I am going wrong as authentication and authorization is sucessful.
aaa authentication ppp default group radius local
aaa authentication network default group radius
aaa accounting network default start-stop group radius
radius-server host 12.18.22.41
radius-server key *****
below is the router configuration for AAA
can any one help in this
- Labels:
-
AAA
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-20-2012 11:47 AM
I'm guessing you need an aaa authorization command for ppp as well ? it's been quite a long time since i did any dialup so i am a bit rusty.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-20-2012 01:05 PM
Thanks for your reply Nielsen.... I have already put that command but it does not help.. below is the command which i have configured
aaa authorization network default group radius
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-20-2012 01:11 PM
I was actually thinking there might be a command like :
aaa authorization ppp default group radius
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-20-2012 01:16 PM
Actually I think there is no command like this...if you want to authorize ppp/slip/ARAP then authorization network command is used....
any other thing ? I dont know where to look for this ISE or Router ?? ISE logs showing authorization is successful but calls connect for 20 seconds and then disconnects.... no traffic flows....
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-04-2012 01:04 PM
any body who can help me on this..??
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-04-2012 01:16 PM
Do you have the CoA configuration on your NAD?
aaa server radius dynamic-author
client
I hope you find this information useful, if it was satisfactory for you, please mark the question as Answered. Please rate post you consider useful. -James
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-04-2012 01:22 PM
CoA is not needed, nor supported for ISDN aaa, i used ACS 3.3 for this a long time ago. I think you should do some debugging if ise does not give you any errors.
try doing some debug aaa / debug radius & deb ppp nego if your calls are authenticated and ip is assigned to the calling router, you should see some disconnect reason in the debug.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-04-2012 03:32 PM
Okay. What you are seeing in the authentication detail report of the passed authentication: Authenticaiton Results section. Does it contain the attributes you are expecting to be sent to the NAD? How does it compare with what ACS 3.3 was sending?
I hope you find this information useful, if it was satisfactory for you, please mark the question as Answered. Please rate post you consider useful. -James
