Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I'm run a ACS 2.4.3\NAS (radius) dial-in service, and when the dial-in user come in, they are authenticated and given a static IP. What I would like to do is also apply an outward-bound (on the NAS i/f) ACL that restricts the user to only going to de...
Not true, the NAS\ CAS sends the authentication requests to ACS on behalf of the user. If the NAS\ CAS is DHCPing prior to authentication, then the config is wrong.You can force the situation of authentication then DHCP, by making the ACS the dhcp se...
a) OK, let's put it another way, would the designer put NT Primary Domian Controller on the DMZ? No, of course he wouldn't, because the DMZ is accessible by all, and the device holds secure information.b) Not enough information to fully comment, but ...
Just turning radius on in the cisco does not turn accounting on, or authorisation on. So you need to make sure that the NAS config is built on "AAA new- model", and has the line "AAA accounting network start-stop radius". Please check the format of t...
Hmm, I'd have thought the radius retransmit would take care of this. Are you sure it's an error condition you are seeing, and not simply a NAK error?If the return code is a NAK error, there is no point in sending the packet again as the Ace Server wi...
