Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
507
Views
0
Helpful
1
Replies

Voice Gateway radius

ali nasser
Level 1
Level 1

‎06-05-2010 06:27 AM - edited ‎03-15-2019 11:06 PM

Hi to all,

I have one issue, the customer need to configure the radius in the voice gateway (router 2821) and enter the following command,

aaa new-model

aaa authentication dot1x default group radius

aaa authorization network default group radius

aaa session-id common

dot1x system-auth-control

radius-server host xxx.xxx.xxx.xxx auth-port 1812 acct-port1812 key xxxxx

so i try to login its give authentication fail. no local username & password in router and i can't login to my voice gateway.

and i need to assgin this radius to cisco call manager 7.1.3 if possible.

ples i need support in this issue.

thanks

Labels:
0 Helpful
1 Reply 1

William Bell
VIP Alumni
VIP Alumni

‎06-05-2010 07:03 AM

As for the gateway, you would need to work with the customer on how you can resolve your logon issues.  Something may be misconfigured or your account is not permitted to logon/manage the voice gateway in ACS or whatever backend Radius system they are using.  Can anyone logon to the box?  Check the Radius server.  Worst case: if you have a fallback to local then you can pull network interfaces or apply ACLs up stream to block radius traffic, and then logon using the local credentials (via the console).  Once you get into the system, you may want to create a local account on the system and then test VTY connections via radius before disconnecting/logging out of the console.

Now, as far as CUCM is concerned, there is no support for Radius or Tacacs.  You can authenticate users locally OR you can authenticate users against an LDAP backend.  Keep in mind that Radius also needs a set of credentials to authenticate a user.  Your customer may already be using a backend LDAP (like Microsoft AD) as the credential store.  If so, then technically if you had CUCM authenticating against LDAP and Radius authenticating against LDAP, then that should be acceptable.  Now, as far as authorization and account controls are concerned, that is a different matter.

CUCM ONLY uses local authorization controls.  These are facilitated via local groups and roles.  It is pretty granular.  For accounting, in 7.1(2) and later there is an audit logging feature that is available.  It is improved in 7.1(5).

HTH.

Regards,
Bill

Please remember to rate helpful posts.

HTH -Bill (b) http://ucguerrilla.com (t) @ucguerrilla

Please remember to rate helpful responses and identify

0 Helpful
Customers Also Viewed These Support Documents