Cisco 10008 issue

Alan DeKok aland at deployingradius.com
Sat Jan 12 08:46:42 CET 2008


Alex Moen wrote:>
> We have a Cisco 10008 that we are trying to set up for broadband
> aggregation.  The 10008 utilizes a radius server to authenticate each
> internet subscriber, either based on mac address or circuit id.  Cisco
> says that we cannot use freeradius

  A Cisco *account rep* is telling you that.  I have a few responses:

  1) Please tell me his name so that I can escalate this internally in
Cisco.  (my contacts are somewhat higher in the organization than he
is).  Private email is fine...

  2) http://deployingradius.com/cisco_and_freeradius.png

  3) See this Cisco page, and many others:
http://www.cisco.com/en/US/products/ps6307/products_tech_note09186a0080870334.shtml

  i.e. Cisco WLAN controller supports "ACS, FreeRADIUS, other" for
RADIUS servers.  Cisco's main web page gives instructions on how to use
FreeRADIUS with Cisco's products.

  My suggestion would be to point the sales rep to those links, and tell
him to stop lying to you.  It's bad business practice, and ruins
customer relationships.

> (they recommend Cistron, which is now
> 4 years old) because "freeradius is buggy and does not work well" (their
> words, not mine, no flaming please!!!).  I suspect that the particular
> CCIE has had some bad experience with freeradius in his sysadmin past,
> but he is normally a very good engineer and hasn't steered us wrong in
> the past on other projects...

  Cistron isn't actively developed.  I'm not even sure when the last
release was.  See also:

  http://freeradius.org/press/survey.html

  i.e. He's claiming FreeRADIUS doesn't work.  100,000 sites, and over
100 million users disagree.

> We use freeradius for other uses in our network and have never had
> problems with it.  In fact, we are using it (v. 0.9.3) with a Cisco
> 10008SSG to authenticate PPPOE clients on an MMDS system, with no
> problems.  Has anyone ever run into this type of problem or roadblock
> before?

  It's fine.  See also:

http://freeradius.org/features/interoperability.html

  In almost 10 years of working with FreeRADIUS, I only recall 3
products that were incompatible with FreeRADIUS.  All 3 implemented the
specs *wrong*.  i.e. They were incompatible with many other NASes and
RADIUS servers, too.  And it only took the vendors a few months to
correct their products to follow the specs.

  Alan DeKok.



More information about the Freeradius-Users mailing list