Can't auth to Nortel Networks devices using RADIUS with ACS 5.1

Jun 17th, 2010


I've got a problem with the ACS 5.1 RADIUS Authentication for Nortel network devices (Baystack 470, ERS 5530 5510, Passport 8606).

After configuring RADIUS on these devices (primary server, secondary server, secret key, port...) and adding them to my ACS servers, I can't manage to log in using RADIUS, and I get the following message:

"Permission denied, please try again" or "No response from RADIUS server"(?) (depending on the device type)

But in my ACS View, I can see: "Authentication succeeded."

I've also checked the RADIUS frames; the "Access-Request" and "Access-Accept" are correctly transmitted.

I've got no problems with RADIUS auth using other brands' devices.

Are there any known issues with Nortel devices using Cisco ACS 5.1 with RADIUS authentication?


Thu, 06/17/2010 - 07:12

What do you mean by "setting up Nortel VSA"?

I've checked the documentation and my server; there isn't much I can do, except changing or creating other attributes.

Jagdeep Gambhir Thu, 06/17/2010 - 07:24

You need to set up Network Access Authorization Policy --> Rule --> Compound Condition --> Radius Nortel.

Do rate helpful posts

Fri, 06/18/2010 - 01:23

Are you sure that setting up a compound condition will help?

To me, the RADIUS Nortel VSAs are used for authorization, and my problem is about authentication (usually, for a simple authentication, we stay within the IETF RADIUS standards, no?).

Also, will setting this condition change the Access-Accept packets sent by the ACS to the device?

Here are my steps in the ACS View:

11001  Received RADIUS Access-Request
11017  RADIUS created a new session
Evaluating Service Selection Policy
15004  Matched rule
15012  Selected Access Service - Default Network Access
Evaluating Identity Policy
15006  Matched Default Rule
15013  Selected Identity Store - Internal Users
24210  Looking up User in Internal Users IDStore - radius
24212  Found User in Internal Users IDStore
22037  Authentication Passed
Evaluating Group Mapping Policy
Evaluating Exception Authorization Policy
15042  No rule was matched
Evaluating Authorization Policy
15006  Matched Default Rule
15016  Selected Authorization Profile - Permit Access
11002  Returned RADIUS Access-Accept

So I think the ACS does its job.

andrew.bagley Wed, 06/01/2011 - 05:57

Hi Marc,

Did you manage to find the answer to this? - Having the exact issue at the moment.


Vikram_Anumukonda_2 Thu, 06/02/2011 - 03:46

Hello Andrew,

Did you configure an authorization profile for Nortel using their VSA and see if it helped?

Looks like an authorization policy is needed and will be pushed by the new ACS even if only RADIUS authentication is set up on the Nortel device.

