Can ACS authenticate RADIUS calling-station-id

Unanswered Question
Sep 29th, 2008
User Badges:

How can ACS be setup to authenticate against the incoming RADIUS calling-station-id ? There will be hundreds of different unique devices - these are actually mobile phones and we want to authenticate using the phone number which appears in the calling-station-id

I presume ACS can do this? Sorry forgot to say we are using ACS4.2

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
didyap Fri, 10/03/2008 - 11:37
User Badges:
  • Silver, 250 points or more

Calling-station-Id Allows the AAA client to send the telephone number the call came from as part of the access-request packet using automatic number identification or similar technology. This attribute has the same value as remote-addr in TACACS+. This attribute is supported only on ISDN and for modem calls on the Cisco AS5200 if used with PRI.

GRAEME DANIELSON Sun, 10/05/2008 - 01:31
User Badges:

Thanks for replying, however I'm not entirely sure what you are saying, I think I already understand what the calling-station-id field is. What I am asking is how can ACS be configured to use the calling-station-id in the same manner of, or instead of the username. That is ACS will lookup the incoming calling-station-id in a database (internal or external) containing one to two thousand records.

Premdeep Banga Wed, 10/15/2008 - 03:48
User Badges:
  • Gold, 750 points or more

I dont think that can be done using the ACS/Any Radius server, unless your mobile device during authenticating against the ACS/any Radius server, sends the value that is there in Calling station id in the username field. I dont think Radius RFC has any such guidance...

Though we can restrict/allow on the basis of the calling/called station id field. But authentication will always take place based on what is coming in username field.

I would suggest you to look into the mobile device application, to make it to send the unique identifier in the username filed also, so that any Radius server can authenticate that device. Also, there has be a password associated with that account, blank password wont work with ACS.



GRAEME DANIELSON Wed, 10/15/2008 - 09:41
User Badges:

Thanks for taking the time to reply.

One thing I did find in ACS is that you can have a username and no password if you set the client to a voip client. But not sure what other implications running it as voip enforces on you.

Thanks again.


This Discussion