From: Muhammad Nasim (muhammad.nasim@gmail.com)
Date: Mon Jun 30 2008 - 12:43:41 ART
Following is the debug aaa radius (on the switch)
01:01:29: RADIUS: Pick NAS IP for u=0x1F59C78 tableid=0 cfg_addr=0.0.0.0
01:01:29: RADIUS: ustruct sharecount=1
01:01:29: Radius: radius_port_info() success=1 radius_nas_port=1
01:01:29: RADIUS(00000000): Send Access-Request to 205.5.6.112:1645 id 1645/27, len 76
01:01:29: RADIUS: authenticator 73 19 E3 ED 40 09 94 3F - 2B D3 7F 32 85 CA 62 AB
01:01:29: RADIUS: NAS-IP-Address [4] 6 205.5.6.144
01:01:29: RADIUS: NAS-Port [5] 6 1
01:01:29: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
01:01:29: RADIUS: User-Name [1] 7 "user3"
01:01:29: RADIUS: Calling-Station-Id [31] 13 "205.5.6.111"
01:01:29: RADIUS: User-Password [2] 18 *
01:01:29: RADIUS: Received from id 1645/27 205.5.6.112:1645, Access-Accept, len 149
01:01:29: RADIUS: authenticator FF 3C B8 A8 ED 8F C6 0F - F6 1F 17 A6 AC FF 67 35
01:01:29: RADIUS: Vendor, Cisco [26] 66
01:01:29: RADIUS: Cisco AVpair [1] 60 "ACS:CiscoSecure-Defined-ACL=#ACSACL#-IP-*userr3acl*-4868f514"
01:01:29: RADIUS: Framed-IP-Address [8] 6 255.255.255.255
01:01:29: RADIUS: Class [25] 24
01:01:29: RADIUS: 43 41 43 53 3A 32 2F 31 31 30 61 2F 63 64 30 35 [CACS:2/110a/cd05]
01:01:29: RADIUS: 30 36 39 30 2F 31 [0690/1]
01:01:29: RADIUS: Vendor, Cisco [26] 33
01:01:29: RADIUS: Cisco AVpair [1] 27 "aaa:supplicant-name=user3"
01:01:29: RADIUS: saved authorization data for user 1F59C78 at 1A03E20
As we can see, userr3acl is coming to the switch but is not applied anywhere.
2008/6/30 Muhammad Nasim <muhammad.nasim@gmail.com>:
> Dear All,
>
> I am trying to do simple Network Access Profile.
>
> The question is
> Configure ACS server using Network Access profile
> Add SW2 in new device group
> Create a downloadable ACL
> Create a user user2 and bind this user with this SW2, SW2 should only be
> accessible using this user.
>
> Now I think I have done everything correctly, as my user can authenticate
> and is using the Network Access Profile, as I can see in the
> Reports & Activities > Passed Authentication
>
> In the log it is showing that the ACCESS-LIST is executed for this user, but
> I am not getting any access-list on the switch
>
> Any help
>
> Thanks
>
>
>
-- Muhammad Nasim Network Engineer Saudi Arabia
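
A way to confirm from captured `debug aaa radius` output which downloadable ACL name the Access-Accept carried, as an added example that is not part of the original post. The sample log is constructed from the lines above (without the mail client's asterisks), and splitting the value as `#ACSACL#-IP-<name>-<version>` is an assumption based on the single value shown.

```python
import re

# Constructed sample modeled on the debug output in this post, including a
# console prompt ("SW2-REAL#") printed mid-line and a mail-wrapped line.
SAMPLE = '''\
01:01:29: RADIUS(00000000): Send Access-Request to 205.5.6.112:1645 id 1645/27, len 76
01:01:29: RADIUS: User-Name [1] 7 "user3"
01:01:29: RADIUS: Received from id 1645/27 205.5.6.112:1645, Access-Accept,
len 149
01:01:29: RADIUS: Cisco AVpair [
SW2-REAL#1] 60 "ACS:CiscoSecure-Defined-ACL=#ACSACL#-IP-userr3acl-4868f514"
01:01:29: RADIUS: Cisco AVpair [1] 27 "aaa:supplicant-name=user3"
'''

PROMPT = re.compile(r'\n[\w.-]+#')   # device prompt that interrupted a debug line
STAMP = re.compile(r'^\d\d:\d\d:\d\d: ')
AVPAIR = re.compile(r'Cisco AVpair\s+\[1\]\s+\d+\s+"([^"]*)"')
# Assumed layout: #ACSACL#-IP-<name>-<hex version suffix>
DACL = re.compile(r'^ACS:CiscoSecure-Defined-ACL=(#ACSACL#-IP-(.+)-([0-9a-f]+))$')

def rejoin(text):
    """Undo prompt interleaving, then fold wrapped lines into their parent."""
    lines = []
    for line in PROMPT.sub('', text).splitlines():
        if STAMP.match(line) or not lines:
            lines.append(line)
        else:
            lines[-1] += ' ' + line.strip()
    return lines

def downloadable_acls(text):
    """Downloadable ACL references carried in Access-Accept packets."""
    found, in_accept = [], False
    for line in rejoin(text):
        if 'Send Access-Request' in line:
            in_accept = False
        elif 'Access-Accept' in line:
            in_accept = True
        pair = AVPAIR.search(line)
        dacl = DACL.match(pair.group(1)) if (in_accept and pair) else None
        if dacl:
            found.append({'attribute': dacl.group(1),
                          'name': dacl.group(2),
                          'version': dacl.group(3)})
    return found

if __name__ == '__main__':
    for acl in downloadable_acls(SAMPLE):
        print(acl)
```
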