cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1775
Views
0
Helpful
5
Replies

Can ACS authenticate RADIUS calling-station-id

How can ACS be setup to authenticate against the incoming RADIUS calling-station-id ? There will be hundreds of different unique devices - these are actually mobile phones and we want to authenticate using the phone number which appears in the calling-station-id

I presume ACS can do this? Sorry forgot to say we are using ACS4.2

5 Replies 5

didyap
Level 6
Level 6

Calling-station-Id Allows the AAA client to send the telephone number the call came from as part of the access-request packet using automatic number identification or similar technology. This attribute has the same value as remote-addr in TACACS+. This attribute is supported only on ISDN and for modem calls on the Cisco AS5200 if used with PRI.

Thanks for replying, however I'm not entirely sure what you are saying, I think I already understand what the calling-station-id field is. What I am asking is how can ACS be configured to use the calling-station-id in the same manner of, or instead of the username. That is ACS will lookup the incoming calling-station-id in a database (internal or external) containing one to two thousand records.

Anybody know this? Or any leads at all?

I dont think that can be done using the ACS/Any Radius server, unless your mobile device during authenticating against the ACS/any Radius server, sends the value that is there in Calling station id in the username field. I dont think Radius RFC has any such guidance...

Though we can restrict/allow on the basis of the calling/called station id field. But authentication will always take place based on what is coming in username field.

I would suggest you to look into the mobile device application, to make it to send the unique identifier in the username filed also, so that any Radius server can authenticate that device. Also, there has be a password associated with that account, blank password wont work with ACS.

Regards,

Prem

Thanks for taking the time to reply.

One thing I did find in ACS is that you can have a username and no password if you set the client to a voip client. But not sure what other implications running it as voip enforces on you.

Thanks again.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: