RE: OT-Radius authentication from a Juniper client to a Cisco

From: Stefano Lassi (stefano.lassi@sysma.it)
Date: Fri May 23 2003 - 18:40:25 GMT-3


You are right, James.

Our Radius server is not responding at all on recognizing Authenticate-Only Service-Type incoming packets.

Now we have two ways to solve the problem:

a) change the Juniper configuration (best way, but the router is managed by another staff who don't seem very happy to do this ...)
b) change the way Cisco Secure Radius manages Authenticate-Only incoming packets (does anybody know how to do that? maybe by touching something tricky in the Cisco Radius conf?)

Thank you very much

Stefano

-----Original Message-----
From: James.Jackson@broadwing.com [mailto:James.Jackson@broadwing.com]
Sent: Friday, May 23, 2003 17:35
To: stefano.lassi@sysma.it; ccielab@groupstudy.com
Subject: RE: OT-Radius authentication from a Juniper client to a Cisco
Secure ACS

Is your RADIUS server responding but omitting the Juniper VSA by chance?
Juniper, along with some other vendors, has a habit of setting Service-Type
to "Authenticate-Only" in the request packet...per RFC, if the RADIUS server
sees "Authenticate-Only" it is not required to return any authorization
data. One fix is to manipulate the request packet on input if ACS lets you
do that and change the Service-Type to "Login".

HTH
James

-----Original Message-----
From: Stefano Lassi [mailto:stefano.lassi@sysma.it]
Sent: Friday, May 23, 2003 4:46 AM
To: ccielab@groupstudy.com
Subject: OT-Radius authentication from a Juniper client to a Cisco
Secure ACS

Hi

I have trouble interfacing a Juniper router to a Cisco Secure ACS Radius
server.

Juniper staff seems to be sending the authen packet correctly to Cisco Radius,
the Radius server reports correct authentication, but I can't see the answer
acknowledgment to the Juniper, which goes to retry; after 3 attempts I get a timeout
(of course!) on the dialup PC.

Inside Cisco Secure "Network Configuration" I can choose between Radius IETF
or Radius Juniper, but with both confs Radius doesn't seem to work.

Does anybody have experience with Cisco Radius and Juniper?

Ciao

Stefano Lassi
CCNP/CCDP
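
The Service-Type behaviour discussed in this thread, as an added example that is not part of the original messages and is not Cisco Secure ACS or Juniper configuration: a stand-alone parser that reads Service-Type (RFC 2865 attribute 6) from an Access-Request and rewrites Authenticate-Only (8) to Login (1). The sample packet is constructed, and the function names are assumptions made for this illustration.

```python
import struct

SERVICE_TYPE, MESSAGE_AUTHENTICATOR = 6, 80   # RFC 2865 / RFC 2869 attribute numbers
LOGIN, AUTHENTICATE_ONLY = 1, 8               # Service-Type values (RFC 2865, 5.6)

def parse_attributes(packet):
    """Return [(type, offset, value)] for every attribute in a RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = [], 20          # skip code, id, length, 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute length")
        attrs.append((atype, pos, packet[pos + 2:pos + alen]))
        pos += alen
    return attrs

def service_type(packet):
    """Return the Service-Type integer, or None when the attribute is absent."""
    for atype, _pos, value in parse_attributes(packet):
        if atype == SERVICE_TYPE and len(value) == 4:
            return struct.unpack("!I", value)[0]
    return None

def rewrite_service_type(packet, new_value=LOGIN):
    """Return a copy of the request with Service-Type set to new_value."""
    attrs = parse_attributes(packet)
    if any(t == MESSAGE_AUTHENTICATOR for t, _p, _v in attrs):
        # The HMAC-MD5 in attribute 80 covers the whole packet; editing any
        # attribute requires recomputing it with the shared secret.
        raise ValueError("Message-Authenticator present; recompute HMAC after edit")
    out = bytearray(packet)
    for atype, pos, value in attrs:
        if atype == SERVICE_TYPE and len(value) == 4:
            out[pos + 2:pos + 6] = struct.pack("!I", new_value)
    return bytes(out)

def build_request(ident, attrs):
    """Build a constructed Access-Request (code 1) with a zeroed authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", 1, ident, 20 + len(body)) + bytes(16) + body

# Constructed sample: User-Name plus Service-Type = Authenticate-Only.
SAMPLE = build_request(42, [(1, b"testuser"),
                            (SERVICE_TYPE, struct.pack("!I", AUTHENTICATE_ONLY))])
```

Running `service_type()` over a capture of the NAS's requests confirms whether Authenticate-Only is actually what the server receives before either side's configuration is changed.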



This archive was generated by hypermail 2.1.4 : Mon Jun 02 2003 - 15:13:47 GMT-3