ACS 4.2 doesn't respond to RADIUS access-request

May 12th, 2010

I have configured RADIUS 4.2:


- Create an internal database, an account

- Create an AAA client, with the same pass as on the Authenticator server

- Authenticate using Radius-Aironet (and tried with other RADIUS vendors)

- Submit and Apply


From the Authenticator (Ruckus Zone-director 1000):


- Configure the same secret pass as on ACS

- IP: ACS, Port: 1812

- Send the user name and pass which were created on the ACS server


From the authenticator, I send a RADIUS access-request with the username & pass I have created on ACS, but ACS doesn't respond with any message, even a failure.


Could you please help me figure out the problem that is happening?


Thanks a lot

-Brian.

dancampb Wed, 05/12/2010 - 08:58
User Badges:
  • Cisco Employee,

From the failed attempts log it says unknown NAS.  This means that the communication between the AP and ACS isn't working correctly.  This could be that the AP doesn't have the right shared secret key, the AP isn't defined in Network Devices, or one of the configs.  Do you have this device in a Network Group on the ACS server?  If so make sure you have the group shared secret key defined on the AP.

Brian.Burgett Wed, 05/12/2010 - 19:31

I have double-checked all the shared secret keys and made sure they were right.


They were also added to the ACS network group as well.


The problem is still happening.

Jatin Katyal Sun, 05/16/2010 - 19:05
User Badges:
  • Cisco Employee,

Brian,


I would also like you to check the following,


Please go to Network Configuration > If we have the Network Device Group option enabled, then go to the network device group---Edit properties---remove the shared secret from there---submit the changes.


And try again. If authentication works, that would mean that we have configured a Network Device Group level key. And an NDG level key overrides the AAA Client level key.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/user/NetCfg.html#wp342699


Are we seeing "unknown NAS" with the same NAS IP address as the one we have added on the ACS under network configuration?



Regds,

JK


Do rate helpful posts-


Brian.Burgett Mon, 06/07/2010 - 03:42

Sorry for the late response.


I have changed it as you suggested, but there is no difference.


Do you have any other suggestions?


Thank you

Jagdeep Gambhir Mon, 06/07/2010 - 18:27

Brian,

Unknown NAS shows up when ACS does not have the aaa-client listed with the required protocol, i.e. TACACS or RADIUS. Make sure that the IP we see in the failed logs is there in the NDG or aaa-client.


That should fix it.



Regards,

~JG


Do rate helpful posts
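
An added illustration (not from any poster in this thread and not Cisco's code) of the two checks the replies describe: a simplified model in which a request from a source IP or protocol that is not listed is treated as "unknown NAS" and an NDG-level key overrides the AAA-client key, combined with RFC 2865 User-Password hiding to show what a key mismatch does to the password. The function names, config layout, addresses and keys are constructed assumptions.

```python
import hashlib

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: how the NAS hides User-Password."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out

def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: undo the hiding with the secret the server holds."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out += bytes(c ^ m for c, m in zip(block, mask))
        prev = block
    return out.rstrip(b"\x00")

def effective_secret(src_ip, protocol, clients, ndg_keys):
    """Simplified model of the thread's advice (assumption, not ACS code):
    no matching AAA client for this IP/protocol means unknown NAS (None);
    a non-empty NDG key overrides the per-client key."""
    client = clients.get(src_ip)
    if client is None or client["protocol"] != protocol:
        return None
    return ndg_keys.get(client["ndg"]) or client["key"]

def check_request(src_ip, hidden, authenticator, stored_pw, clients, ndg_keys):
    secret = effective_secret(src_ip, "radius", clients, ndg_keys)
    if secret is None:
        return "unknown NAS"
    ok = recover_password(hidden, secret, authenticator) == stored_pw
    return "accept" if ok else "reject"

# Constructed sample data: documentation-range IPs, made-up keys and password.
CLIENTS = {"192.0.2.10": {"protocol": "radius", "ndg": "wireless",
                          "key": b"client-secret"}}
RA = bytes(range(16))  # Request Authenticator (fixed here; random on the wire)
PW = b"brian-pass"
HIDDEN = hide_password(PW, b"client-secret", RA)  # NAS uses the client key

if __name__ == "__main__":
    for ndg in ({"wireless": b"ndg-secret"}, {"wireless": b""}):
        print(ndg, check_request("192.0.2.10", HIDDEN, RA, PW, CLIENTS, ndg))
    print(check_request("198.51.100.7", HIDDEN, RA, PW, CLIENTS, {}))
```
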
