Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1505
Views
10
Helpful
5
Replies

realm on ACS ?

pt_wang
Level 1
Level 1

‎12-13-2010 08:03 PM - edited ‎03-10-2019 05:39 PM

I am searching the solution  "realm" concept of Linus Radius  on Cisco ACS.

The customer hope their authentications such as account aaa@bbb.ccc send to a specific Radius server while other accounts aaa(such as no realm) to their window database(unknown user policy).

Labels:
0 Helpful
5 Replies 5

Tarik Admani
VIP Alumni
VIP Alumni

‎12-13-2010 08:59 PM

Which version of ACS are you trying to accomplish this on, if you are trying this on our older ACS software (pre 5.x) you will go to Network Configuration -> Proxy Distribution Table -> Add Entry

You will enter @bbb.ccc select suffix for the positoin field then select the radius server you would like to forward this to. (keep in mind the radius server will have to be added under the network configuration page)

If you need directions for ACS 5.x let me know. I can try to put together some screen captures and post them up.

Thanks,

Tarik Admani

0 Helpful

pt_wang
Level 1
Level 1

‎12-15-2010 07:50 PM

I add another Radius server on ACS.  But in ACS ,I can not select ports  (It use 1645/1646)

How I add another Radius Server on ACS using ports 1812/1813?

0 Helpful

maldehne
Cisco Employee
Cisco Employee
In response to pt_wang

‎12-15-2010 11:59 PM

When Adding new AAA server entry with server Type CiscoSecure ACS , even if you select 1645,1646 the 1812,18,13 port set still valid and ACS can handle Radius auth and acct packets received on those ports as well.

So if the other Radius server that you are willing to proxy part of the RADIUS AAA traffic is Cisco Secure ACS it should be fine.

Mohammad Aldehnee

-----------------------------------

Don't forget to rate answers that you find useful

0 Helpful

pt_wang
Level 1
Level 1
In response to maldehne

‎12-16-2010 02:03 AM

My ACS version is 3.3.

I add another Radius server is Unix type so I select Radius and no port I can define here.

I was sniff the packets out to radius server ( I defined in proxy distribution table), the ports used is 1645/1646.

0 Helpful

maldehne
Cisco Employee
Cisco Employee
In response to pt_wang

‎12-16-2010 02:11 AM

Does your Unix RADIUS server supports the two sets of ports or only 1812 and the 1813

If it supports only one set you can edit the port numbers at least on the new releases.

But specifying two sets of ports upon the addition of a new RADIUS server is not possible.

Mohammad Aldehnee

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents