HSE 1.9 and RADIUS

Unanswered Question
Jul 17th, 2007

Hi all,

I'm trying to configure my HSE to use a RADIUS server so I can give users access to the HSE in order to monitor our CSM and CSS devices.

Would anyone happen to know what has to be contained in the cisco-avpair that the HSE expects from the RADIUS server?

I haven't been able to find any documentation that fully explains this.

Any help would be appreciated.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
its-networking Tue, 07/17/2007 - 00:08

Yes, I have seen that documentation, and tried the format as listed there.

Unfortunately it didn't work.


its-networking Tue, 07/17/2007 - 00:18

Also, I should add that I am trying to get it working with a standalone RADIUS server, not the Cisco product shown in the document above.

dkirsch Thu, 07/19/2007 - 17:57

I'll get a copy of an example to post here for you if you still need this.

lyu2 Fri, 07/20/2007 - 07:54

the cisco doc give the guideline for HSE been authenticated in TACACS+ /Radius. But not for the CSS/CSM. One thing maybe helpful is adding the CSS/CSM devices to ACS server.

its-networking Fri, 07/20/2007 - 22:01

Thanks for the replies guys.

The guide linked by dkirsch seems to be the same document that was linked earlier.

I am using the Radiator RADIUS server, not ACS or CiscoWorks.

The authentication part works, and the RADIUS server sends back a Radius-Accept to the HSE, it seems to be that the cisco-avpair that I am sending back is wrong, and the HSE doesn't know what to do with it.

I've tried sending back "HSE:groups=HSEAdmin" in the response, and several variations, but the HSE doesn't like it.

It would be great if I could work out what the HSE expects in the reply so I can make RADIUS tell the HSE what group a user belongs to.



This Discussion