Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Default network access and CHAP

Hi folks,

I am configuring some of my devices to use CHAP when their backup ISDN interface dials out to the 7200 concentrator node. I wan the CHAP requests to hit our ACS 5.2 appliances and be authenticated via this method. I have built a rule for 'Default netowrk access' which specifies these devices only however when I bring up the ISDN call the process fails. When I look at the logs it doesn't give an error reason but it does say that it failed on one of the rules in the 'default device admin' rule set.

I even went to the bother of specifying a single IP address of one of the ISDN backup devices but the result is always the same.

Does anyone ahve any guiance as to what I'm doing wrong here? Any help would be appreciated

Kind Regards

Ciaran

3 REPLIES
Silver

Default network access and CHAP

Hello Ciaran,

Is the device properly configured to use RADIUS for the ISDN calls? If the ACS is complaining that it hit a 'default device admin' rule then the request is getting to the server on TACACS+. Please check the default settings for Access Service Selection Rules:

As you can see, we will get assigned to the Default Device Admin only if the request comes over TACACS+. Please verify that the request is getting as RADIUS to the server for it to hit Default Network Access instead.

If this was helpful please rate.

Regards.

New Member

Re: Default network access and CHAP

Hi Carlos,

thanks for your reply. My initial message was posted in haste so I didn't get time to include more information. I neglected to mention that this process is working on our ACS 3.3 with the current configuration. When I point the 7200 concentrator and the client device at the new 5.2 ACS the CHAP fails for the reasons mentioned above. Are there any configuration changes that need to be added to facilitatie CHAP authentication on the newer ACS appliances?

Regards

Ciaran

P.S I have attached a doc outlining the Dialer and ACS config on both Client and concentrator. I have changed addresses from their original for security purposes. 

New Member

Re: Default network access and CHAP

Folks,

what I was seeing was the result of a bug CSCth30275 the solution to which is to upgrade to 5.3 patch 1.

475
Views
0
Helpful
3
Replies
CreatePlease to create content