Voice Gateway radius

Unanswered Question
Jun 5th, 2010

Hi to all,

I have one issue: the customer needs to configure RADIUS on the voice gateway (router 2821) and enter the following commands:

aaa new-model

aaa authentication dot1x default group radius

aaa authorization network default group radius

aaa session-id common

dot1x system-auth-control

radius-server host xxx.xxx.xxx.xxx auth-port 1812 acct-port 1812 key xxxxx

So when I try to log in, it gives an authentication failure. There is no local username and password in the router, and I can't log in to my voice gateway.

And I need to assign this RADIUS to Cisco Call Manager 7.1.3, if possible.

Please, I need support with this issue.

Thanks

William Bell Sat, 06/05/2010 - 07:03

As for the gateway, you would need to work with the customer on how you can resolve your logon issues.  Something may be misconfigured or your account is not permitted to log on to/manage the voice gateway in ACS or whatever backend RADIUS system they are using.  Can anyone log on to the box?  Check the RADIUS server.  Worst case: if you have a fallback to local then you can pull network interfaces or apply ACLs upstream to block RADIUS traffic, and then log on using the local credentials (via the console).  Once you get into the system, you may want to create a local account on the system and then test VTY connections via RADIUS before disconnecting/logging out of the console.

Now, as far as CUCM is concerned, there is no support for RADIUS or TACACS.  You can authenticate users locally OR you can authenticate users against an LDAP backend.  Keep in mind that RADIUS also needs a set of credentials to authenticate a user.  Your customer may already be using a backend LDAP (like Microsoft AD) as the credential store.  If so, then technically if you had CUCM authenticating against LDAP and RADIUS authenticating against LDAP, then that should be acceptable.  Now, as far as authorization and account controls are concerned, that is a different matter.

CUCM ONLY uses local authorization controls.  These are facilitated via local groups and roles.  It is pretty granular.  For accounting, in 7.1(2) and later there is an audit logging feature that is available.  It is improved in 7.1(5).

HTH.

Regards,
Bill

Please remember to rate helpful posts.
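
A configuration sketch of the local fallback discussed in the reply above, added here as an example and not taken from the thread or from the customer's router. The account name `breakglass`, the method-list name `CONSOLE`, the address 192.0.2.10 and every value in angle brackets are placeholders (assumptions); the dot1x and network lines are the ones from the original post, unchanged.

```cisco
! Added example. Enter from the console and keep that session open
! until a RADIUS login over VTY has been confirmed.

! 1. Create the local fallback credentials before changing AAA behaviour.
username breakglass secret <local-secret>          ! assumed account name
enable secret <enable-secret>

aaa new-model

! 2. Login method lists.
!    "group radius local": the local database is consulted only when no
!    RADIUS server responds. An Access-Reject from the server is final and
!    does not fall through to local.
aaa authentication login default group radius local
!    Console authenticates against the local database only, so a RADIUS
!    outage or misconfiguration cannot lock out physical access.
aaa authentication login CONSOLE local             ! assumed list name

! 3. Lines from the original post (802.1X and network authorization).
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa session-id common
dot1x system-auth-control

! 4. RADIUS server. 1812/1813 are the standard authentication and
!    accounting ports; use the ports the server actually listens on.
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <shared-key>

! 5. Bind the method lists to the lines.
line con 0
 login authentication CONSOLE
line vty 0 4
 login authentication default
```

With the console session still open, start a separate VTY session and confirm that a RADIUS account can log in before logging out of the console.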
