Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Can ACS authenticate RADIUS calling-station-id

How can ACS be setup to authenticate against the incoming RADIUS calling-station-id ? There will be hundreds of different unique devices - these are actually mobile phones and we want to authenticate using the phone number which appears in the calling-station-id

I presume ACS can do this? Sorry forgot to say we are using ACS4.2

5 REPLIES
Silver

Re: Can ACS authenticate RADIUS calling-station-id

Calling-station-Id Allows the AAA client to send the telephone number the call came from as part of the access-request packet using automatic number identification or similar technology. This attribute has the same value as remote-addr in TACACS+. This attribute is supported only on ISDN and for modem calls on the Cisco AS5200 if used with PRI.

New Member

Re: Can ACS authenticate RADIUS calling-station-id

Thanks for replying, however I'm not entirely sure what you are saying, I think I already understand what the calling-station-id field is. What I am asking is how can ACS be configured to use the calling-station-id in the same manner of, or instead of the username. That is ACS will lookup the incoming calling-station-id in a database (internal or external) containing one to two thousand records.

New Member

Re: Can ACS authenticate RADIUS calling-station-id

Anybody know this? Or any leads at all?

Re: Can ACS authenticate RADIUS calling-station-id

I dont think that can be done using the ACS/Any Radius server, unless your mobile device during authenticating against the ACS/any Radius server, sends the value that is there in Calling station id in the username field. I dont think Radius RFC has any such guidance...

Though we can restrict/allow on the basis of the calling/called station id field. But authentication will always take place based on what is coming in username field.

I would suggest you to look into the mobile device application, to make it to send the unique identifier in the username filed also, so that any Radius server can authenticate that device. Also, there has be a password associated with that account, blank password wont work with ACS.

Regards,

Prem

New Member

Re: Can ACS authenticate RADIUS calling-station-id

Thanks for taking the time to reply.

One thing I did find in ACS is that you can have a username and no password if you set the client to a voip client. But not sure what other implications running it as voip enforces on you.

Thanks again.

1143
Views
0
Helpful
5
Replies
CreatePlease login to create content