NAS ignoring Access-Accept

Wolfgang Rosenauer wolfgang at rosenauer.org
Mon May 21 18:58:18 CEST 2007


Hi,

I'm not sure if I run into a Cisco or Freeradius issue here.

I try to migrate from icradius to freeradius and everything worked in
the new configuration when I tried with NTRadPing and so I'm switched
the Cisco NAS to the new server.
Unfortunately the NAS is ignoring the Access-Accept replies and always
denies login attempts.
That worked correctly with icradius and the NAS config changed only the
ip address of the radius server.
My first guess was an ip source issue but my server only has one ip
address (and IPv6 ones but radiusd is only listening on 0.0.0.0) and
freeradius is compiled with --with-udpfromto.

Here are parts of my Cisco config:

aaa authentication ppp default if-needed radius local
aaa authorization network default radius local
aaa accounting update newinfo
aaa accounting exec default start-stop radius
aaa accounting network default start-stop radius
aaa accounting connection default start-stop radius

radius-server configure-nas
radius-server host a.b.c.d auth-port 1812 acct-port 1813 non-standard
radius-server timeout 3
radius-server vsa send accounting

I ran radiusd -X and saw that freeradius sent an Access-Accept reply to
the NAS' ip address and source port.

Any ideas?


Thanks,
 Wolfgang



More information about the Freeradius-Users mailing list