[cisco-nas] NAS and Microsoft IAS

Scott Farrand scottfarrand at msn.com
Tue Jun 8 14:20:06 EDT 2004


Can anyone give me some ideas about how I can successfully get IAS to work 
with an AS5200?

I've had it working properly with Tacacs on Cisco ACS, but I need to move to 
an IAS server for a short time.

The errors I keep getting on the IAS server are in this form:

Access request for user username was discarded.
Fully-Qualified-User-Name = domain\username
NAS-IP-Address = 1.2.3.4
NAS-Identifier = <not present>
Called-Station-Identifier = 2030
Calling-Station-Identifier = 4256401500
Client-Friendly-Name = as5248
Client-IP-Address = 1.2.3.4
NAS-Port-Type = Async
NAS-Port = 1310785555
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Reason-Code = 3
Reason = The Remote Authentication Dial-In User Service (RADIUS) request was 
not properly formatted.

For more information, see Help and Support Center at 
http://go.microsoft.com/fwlink/events.asp.

Sections of the config on the NAS:

aaa new-model
aaa authentication login CONSOLE none
aaa authentication login ADMIN radius local
aaa authentication login USERS radius local
aaa authentication enable default enable
aaa authentication ppp USERS&TUNNELS if-needed tacacs+ local
aaa authorization network default radius if-authenticated
aaa accounting exec default start-stop radius
aaa accounting network default start-stop radius
aaa accounting connection default start-stop radius

ip radius source-interface Ethernet0
interface Serial0:23
 description "PRI D channel"
 ip unnumbered Loopback1
 no ip redirects
 no ip unreachables
 no ip directed-broadcast
 no ip proxy-arp
 encapsulation ppp
 no ip route-cache
 dialer-group 1
 isdn switch-type primary-5ess
 isdn incoming-voice modem
 peer default ip address pool default
 no fair-queue
 no cdp enable

interface Group-Async1
 description ASYNC Dial-up line
 ip unnumbered Loopback1
 no ip redirects
 no ip unreachables
 no ip directed-broadcast
 no ip proxy-arp
 ip tcp header-compression passive
 encapsulation ppp
 async dynamic address
 async mode dedicated
 no snmp trap link-status
 peer default ip address pool default
 no fair-queue
 no cdp enable
 ppp authentication ms-chap callin USERS&TUNNELS
 group-range 1 48

radius-server host 10.0.1.2 auth-port 1645 acct-port 1646
radius-server key mysecretkey


Any ideas?
