In the current situation, IP phone authentication is done using ACS local DB.
What we want to do is forwarding devicename & paswd through our ACS to an external DB (Windows, ldap or other).
Do I need to create an av-pair in IOS-radius, VSA 26 which contains the alcatel IP phone string, or is there an other option to do this ? This would be neccesery because in the future we would do dot1x authentication for other devices as well.
Using proxy, ACS automatically forwards an authentication request from AAA clients to AAA servers. After the request has been successfully authenticated, the authorization privileges that you configured for the user on the remote AAA server are passed back to the original ACS, where the AAA client applies the user profile information for that session.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...