cisco phones

Vacheslav m_zouhairy at skno.by
Mon Feb 5 13:59:52 CET 2018



-----Original Message-----
From: Freeradius-Users [mailto:freeradius-users-bounces+m_zouhairy=skno.by at lists.freeradius.org] On Behalf Of Alan Buxey
Sent: Monday, February 5, 2018 3:54 PM
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: Re: cisco phones

>not sure why you are sending the :1 parts for those attributes, never had to do that with Cisco - its just the way cisco sends info, you just need the bare words eg Tunnel-Private-Group-Id

I repeat:
Here is how it works on acs:
NOTE:ALL these attributes should be defined on the ACS group set for phone authentication.

cisco-avpair="device-traffic-class=voice"
Tunnel-Type=1:VLAN
Tunnel-Medium-Type=1:802
Tunnel-Private-Group-ID=1:VOICE-LAN

All the rest was suggestions given here.   

>alan

On 5 February 2018 at 10:56, Vacheslav <m_zouhairy at skno.by> wrote:

>
>
> -----Original Message-----
> From: Freeradius-Users [mailto:freeradius-users-bounces+m_zouhairy=
> skno.by at lists.freeradius.org] On Behalf Of Nathan Ward
> Sent: Monday, February 5, 2018 1:35 PM
> To: FreeRadius users mailing list 
> <freeradius-users at lists.freeradius.org>
> Subject: Re: cisco phones
>
>
> > On 5/02/2018, at 11:23 PM, Vacheslav <m_zouhairy at skno.by> wrote:
> >
> >> Then I replaced the last one with :
> >>
> >> Tunnel-Private-Group-Id:1 := 23 as a reply attribute And it didn't 
> >> change anything as a result.
> >
> >> If the debug log shows those attributes being sent back to the NAS,
> then the server is configured correctly.  Blame the NAS for not doing 
> what the server says to do.
> > How can I blame cisco for not accepting cisco attributes?
>
> >Is FreeRADIUS sending the expected attributes back to the switch/NAS?
>
> The switch confirms that the phone authenticates and authorizes.
>
> >If FreeRADIUS is sending what you expect (look at FR debug, or a 
> >packet
> capture), then you need to talk to your vendor and ask them why their 
> product is not doing what you expect with that information.
>
> >If FreeRADIUS is not sending what you expect, please configure 
> >FreeRADIUS
> to send what you want it to send. If you have specific questions about 
> FreeRADIUS I’m sure some people can help. Asking about Cisco things 
> and sharing Cisco config and Cisco debug is not useful. Tell us what 
> your NAS is sending to FreeRADIUS, and what FreeRADIUS is replying 
> with, and what you’d like FreeRADIUS to do differently.
>
> >We can’t tell you what FreeRADIUS needs to send - if you don’t know 
> >what
> it needs to send, you need to talk to your vendor.
>
>
> >It sounds like FreeRADIUS is sending what you expect, so, I think you
> need to talk to your vendor.
> I did expect that this will end in the cisco forums except I wanted to 
> reach the end here and we are there.
>
> --
> >Nathan Ward
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/ 
> list/users.html
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/ 
> list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html





More information about the Freeradius-Users mailing list