
Can't auth to Nortel Networks devices using RADIUS with ACS 5.1

msurget.orange
Level 1

Hi,

I've got a problem with the ACS 5.1 RADIUS Authentication for Nortel network devices (Baystack 470, ERS 5530 5510, Passport 8606).

After configuring RADIUS on these devices (primary server, secondary server, secret key, port...) and adding them to my ACS servers, I can't manage to log in using RADIUS and I get the following message.

"Permission denied, please try again" or "No response from RADIUS server"(?) (depending on the device type)

But in my ACS View, I can see: "Authentication succeeded."

I've also checked the RADIUS frames; the "Access-Request" and "Access-Accept" are correctly transmitted.

I've got no problems with RADIUS auth using other brands of devices.

Are there any known issues with Nortel devices using Cisco ACS 5.1 with RADIUS authentication?

Regards.

6 Replies

Jagdeep Gambhir
Level 10

Marc,

Did you set up Radius VSA Nortel?


Please check this link:

http://cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/user/guide/rad_tac_phase.html#wp1024836
Regards,

~JG


Do rate helpful posts

What do you mean by "setting up Nortel VSA"?

I've checked the documentation and my server; there isn't much I can do, except changing or creating other attributes.



You need to set up Network Access Authorization Policy --> Rule --> Compound Condition --> Radius Nortel.



Regards,

~JG



Do rate helpful posts



Are you sure that setting up a compound condition will help?

To me, the RADIUS Nortel VSAs are used for authorization, and my problem is about authentication (usually for a simple authentication, we stay in the IETF RADIUS standards, no?).

Also, will setting this condition change the Access-Accept packets sent by the ACS to the device?

Here are my steps in the ACS View:

11001  Received RADIUS  Access-Request
11017  RADIUS created a new  session
Evaluating Service Selection  Policy
15004  Matched rule
15012  Selected Access  Service - Default Network Access
Evaluating Identity Policy
15006  Matched Default Rule
15013  Selected Identity  Store - Internal Users
24210  Looking up User in  Internal Users IDStore - radius
24212  Found User in Internal  Users IDStore
22037  Authentication Passed
Evaluating Group Mapping  Policy
Evaluating Exception  Authorization Policy
15042  No rule was matched
Evaluating Authorization  Policy
15006  Matched Default Rule
15016  Selected Authorization  Profile - Permit Access
11002  Returned RADIUS  Access-Accept

So I think the ACS does its job.

Hi Marc,

Did you manage to find the answer to this? - Having the exact issue at the moment.

Thanks

Hello Andrew,

Did you configure an authorization profile for Nortel using their VSA and see if it helped?

Looks like an authorization policy is needed and will be pushed by the new ACS even if only RADIUS authentication is set up on the Nortel device.
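
The thread turns on what the Access-Accept actually carries back to the device. As an added example (not part of the original thread, and not Cisco or Nortel code), this parser decodes a RADIUS packet per RFC 2865 and reports whether an Access-Accept holds any Vendor-Specific attribute for a given vendor. The sample packets and the vendor number 99999 are constructed placeholders.

```python
import struct

CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject"}
VENDOR_SPECIFIC = 26  # RFC 2865 attribute type that wraps vendor attributes

def parse_radius(packet: bytes):
    """Return (code name, [(type, value)], [(vendor_id, vendor_type, value)])."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("length field does not match the packet")
    attrs, vsas, pos = [], [], 20  # attributes start after the authenticator
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError(f"malformed attribute at offset {pos}")
        a_type, a_len = packet[pos], packet[pos + 1]
        value = packet[pos + 2:pos + a_len]
        if a_type == VENDOR_SPECIFIC and len(value) >= 4:
            vendor_id = struct.unpack("!I", value[:4])[0]
            sub, i = value[4:], 0
            # Usual sub-attribute layout: vendor-type (1), vendor-length (1), data
            while i + 2 <= len(sub) and 2 <= sub[i + 1] <= len(sub) - i:
                vsas.append((vendor_id, sub[i], sub[i + 2:i + sub[i + 1]]))
                i += sub[i + 1]
        else:
            attrs.append((a_type, value))
        pos += a_len
    return CODES.get(code, str(code)), attrs, vsas

def accept_carries_vendor(packet: bytes, vendor_id: int) -> bool:
    """True only for an Access-Accept holding at least one VSA of vendor_id."""
    name, _attrs, vsas = parse_radius(packet)
    return name == "Access-Accept" and any(v == vendor_id for v, _, _ in vsas)

# --- constructed sample packets (zeroed authenticator, not captured traffic) ---
def build(code: int, attrs: bytes = b"") -> bytes:
    return struct.pack("!BBH", code, 1, 20 + len(attrs)) + bytes(16) + attrs

EXAMPLE_VENDOR = 99999  # placeholder; use the enterprise number your device expects
SERVICE_TYPE = bytes([6, 6]) + struct.pack("!I", 6)  # Service-Type = Administrative
VSA = bytes([26, 12]) + struct.pack("!I", EXAMPLE_VENDOR) + bytes([1, 6]) + struct.pack("!I", 6)
BARE_ACCEPT = build(2)                      # Access-Accept with no attributes
RICH_ACCEPT = build(2, SERVICE_TYPE + VSA)  # Access-Accept with authorization data

if __name__ == "__main__":
    for label, pkt in (("bare", BARE_ACCEPT), ("rich", RICH_ACCEPT)):
        print(label, parse_radius(pkt), accept_carries_vendor(pkt, EXAMPLE_VENDOR))
```

Feeding it the UDP payload of the Access-Accept from a packet capture shows whether the server returned only a bare accept or also the attributes the device may require before granting a login.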
