10-10-2012 07:17 AM - edited 03-10-2019 07:39 PM
Hello
We have found the following issue configuring RADIUS attributes for network access with Packeteer appliances.
With the Packeteer-AVPair attribute, value --> access=touch
Login fails and we see this:
PacketShaper# radius login user password
"user" RADIUS Authentication Fail
Vendor-Specific: ccess=touch <--- value is bad
Packeteer is not receiving the vendor-specific value correctly.
As a workaround, we put another character before the value -- xaccess=touch
PacketShaper# radius login user password
"user" RADIUS Authentication OK
Vendor-Specific: access=touch
Has anybody found this issue?
Thanks
10-10-2012 07:27 AM
I am not familiar with this specific vendor, but one thing to check is the settings for the following advanced fields as part of the VSA definition (Advanced Settings):
Vendor Length Field Size:
Vendor Type Field Size:
Not sure at all if related but worth checking
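Added example, not part of any post in this thread: a minimal RFC 2865 Vendor-Specific encoder and decoder showing how a mismatch in the vendor length field size between sender and receiver reproduces the symptom reported above. The vendor ID and vendor type are constructed placeholders, and the thread does not confirm this mismatch as the actual cause.

```python
import struct

VSA = 26            # RFC 2865 Vendor-Specific attribute type
VENDOR_ID = 99999   # constructed placeholder, not a real enterprise number
VENDOR_TYPE = 1     # constructed placeholder sub-attribute number

def encode_vsa(value, type_size=1, len_size=1):
    """Encode one vendor sub-attribute using the configured field sizes."""
    sub = VENDOR_TYPE.to_bytes(type_size, "big")
    if len_size:
        sub += (type_size + len_size + len(value)).to_bytes(len_size, "big")
    sub += value
    body = struct.pack("!I", VENDOR_ID) + sub
    return bytes([VSA, 2 + len(body)]) + body

def decode_vsa(attr, type_size=1, len_size=1, strict=True):
    """Decode a VSA; strict mode rejects a vendor length that does not add up."""
    if len(attr) < 6 + type_size + len_size or attr[0] != VSA or attr[1] != len(attr):
        raise ValueError("malformed Vendor-Specific attribute")
    sub = attr[6:]                      # skip type, length and 4-byte vendor ID
    header = type_size + len_size
    if len_size and strict:
        claimed = int.from_bytes(sub[type_size:header], "big")
        if claimed != len(sub):
            raise ValueError(f"vendor length {claimed} != actual {len(sub)}")
    return sub[header:]

if __name__ == "__main__":
    # Sender omits the vendor length byte; receiver expects one and skips it.
    for value in (b"access=touch", b"xaccess=touch"):
        wire = encode_vsa(value, len_size=0)
        print(value, "->", decode_vsa(wire, len_size=1, strict=False))
    # A receiver that validates the length byte flags the mismatch instead.
    try:
        decode_vsa(encode_vsa(b"access=touch", len_size=0), len_size=1)
    except ValueError as err:
        print("strict decode:", err)
```

A packet capture of the Access-Accept compared against this layout shows which side is adding or dropping the length byte.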
10-10-2012 07:49 PM
Hi Maller,
You have to configure some settings for the Packeteer authentication to make it work with ACS 5.2/3 versions. But the Packeteer PS doesn't need much change in its configuration.
I have one document which is specific to ACS/PS configuration attributes. I will share the document with you so that you can cross-check against it. Send me your email ID so that I can share that PDF file.
Please do rate if the given information helps.
By
Karthik
10-10-2012 07:58 PM
Hi Maller,
Please refer to the document post below and cross-check whether anything is missing. I have posted it as a document.
https://supportforums.cisco.com/docs/DOC-27259
Please do rate if the given information helps.
By
Karthik
10-11-2012 06:59 AM
Thanks Karthik
I read your document before configuring AAA for Packeteer appliances and it was helpful. But the problem persists; as I wrote, the vendor attribute is not delivered correctly by ACS to the Packeteer.
If I configure the vendor attribute as access=touch, the Packeteer receives -> ccess=touch. Login failed.
Then I configure it with any character before the attribute, i.e. xaccess=touch, and the Packeteer receives --> access=touch. Login successful.
10-11-2012 07:44 AM
Hi Maller,
Send me the complete OS version you are using at both ends.
This seems to be a SW bug.
I wonder how the 1st character of the attribute gets removed while retrieving. This is a strange case.
However, we are not facing such problems in our environment... maybe you can check by upgrading the OS at both ends.
Also, did you check with Cisco TAC or VFM (PS)?
Let me come back if I have any further info on this.
Please do rate if the given information helps.
By
Karthik