05-25-2011 07:19 AM - edited 03-10-2019 06:06 PM
Hi,
I am trying to authenticate on Juniper NSM express using cisco ACS 5.2. The request is arriving at the cisco ACS but i am getting the following error.
05-25-2011 07:26 AM
Hi Frederik,
Well, Default Device admin by default on the ACS is meant for TACACS+ requests.
Try using the Default Network Access as the Access Service for RADIUS requests. This is the service which is by default enabled for RADIUS traffic.
Single result selection just lets you add one single selection policy. Rule based enables you to add multiple selection policies. That's the only difference.
Default Network Access here should get you started on configuring RADIUS for the NSM.
05-25-2011 07:38 AM
Hi Mohan,
Thank you for the repsonse. Do i have to change the single result selection to Default network access??
This means my tacacs devices will nog longer work?
05-25-2011 07:57 AM
Hi,
No. Your TACACS traffic will kepp hitting the Default Device Admin and
continue to work.
The RADIUS traffic will keep hitting Default Network Access and they'll
work.
I'll demonstrate what I mean here:
Click on Service Selection Rules. Here you'll find that under the Conditions
section you have Protocols as one of the conditions and the Result is
Service.
So on Rule 1 you have the Condition as TACACS protocol and the resulting
Service as Default Device Admin.
This means if the protocol used is TACACS the resulting service chosen for
this packet should be Default Device Admin.
Similarly for RADIUS packets. If the protocol (condition) is RADIUS they
will hit the Default Newtork Access service.
05-30-2011 01:55 AM
Hi Mohan,
Due to being bussy i was unable to reply to the message. I cannot find the condition you are talking about.
Under Access Policies i can find a filter option and there i can select service_type equals Network_Access.
But if i create that one he will disable my default device admin since i choose single result selection.
I have include a file with screenshots.
Kind regards,
Frederik De Muyter.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: