ACS 5.2 authentication radius juniper NSM

Hi,

I am trying to authenticate on Juniper NSM express using Cisco ACS 5.2. The request is arriving at the Cisco ACS but I am getting the following error.

RADIUS requests can only be processed by Access Services that are of type Network Access.

The ACS is configured with service selection rule Default Device admin (single result selection).

Can somebody point me in a good direction on how to solve this?

I suspect the ACS needs to be switched to Rule based selection result for the Network Access type to work.

Kind regards,

Frederik De Muyter.

srirmoha
Level 1

Hi Frederik,

Well, Default Device admin by default on the ACS is meant for TACACS+ requests.

Try using the Default Network Access as the Access Service for RADIUS requests. This is the service which is by default enabled for RADIUS traffic.

Single result selection just lets you add one single selection policy. Rule based enables you to add multiple selection policies. That's the only difference.

Default Network Access here should get you started on configuring RADIUS for the NSM.

Hi Mohan,

Thank you for the response. Do I have to change the single result selection to Default Network Access?

This means my TACACS devices will no longer work?

Hi,

No. Your TACACS traffic will keep hitting the Default Device Admin and continue to work.

The RADIUS traffic will keep hitting Default Network Access and they'll work.

I'll demonstrate what I mean here:

Click on Service Selection Rules. Here you'll find that under the Conditions section you have Protocols as one of the conditions and the Result is Service.

So on Rule 1 you have the Condition as TACACS protocol and the resulting Service as Default Device Admin.

This means if the protocol used is TACACS the resulting service chosen for this packet should be Default Device Admin.

Similarly for RADIUS packets. If the protocol (condition) is RADIUS they will hit the Default Network Access service.

Hi Mohan,

Due to being busy I was unable to reply to the message. I cannot find the condition you are talking about.

Under Access Policies I can find a filter option and there I can select service_type equals Network_Access.

But if I create that one it will disable my default device admin since I chose single result selection.

I have included a file with screenshots.

Kind regards,

Frederik De Muyter.
