APC9630 User Radius Authentication

Anonymous user · ‎2021-06-30

Greetings!
1. I have few Smart-UPS 1000 RM with APC9630 installed. What I wanna do is remote users authentication from Cisco ACS 5.2. I have configured "*Administration->Security->Remote Users-> authentication*"
- RADIUS, then Local Authentication option
and specify Radius servers in "*Administration->Security->Remote Users-> RADIUS*" with valid IP and shared key.
2. Also, I have setup proper VSA options in Cisco ACS, like man sad in this article http://targetcisco.blogspot.com/2011/03/configuring-radius-vsa-on-acs-52-for.html.

3. I have clear IP connectivity btwn APC and Cisco ACS, can verify it by ping/traceroute from Cisco ACS as well as from APC9630 shell (telnet/ssh), no firewalls are on the way. Current firmware versions I use are sumx v5.1.5 and v5.1.3.

But remote user auth doesn't work, I meen only local authentication apc/apc. From Cisco ACS I don't see any authorization requests from this device, ANY! It's like APC doesn't send them at all.

The question is how can I troubleshoot this issue if I don't have tcpdump on Cisco ACS? Is there any bug related in this APC models? Please, help me to make it work.

Thank you.

Message was edited by: ds

BillP · ‎2021-06-30

have you tried just increasing the timeout on the AP9630 just to test, maybe to 5 or 10 seconds? as you said and i see in the config.ini, it is set to 1 second. also, it may not hurt reboot the network management card interface on the NMC under Administration->General->Reset/Reboot->Reboot management interface if you haven't since configuring this all.

another thought was to make sure that for some reason the RADIUS traffic on port 1812 or 1813 isnt being blocked on your network from the NMC's network? just throwing things out there that i have seen.

See Answer In Context

BillP · ‎2021-06-30

well, to begin, APC does not test with Cisco ACS, we only test with Microsoft IAS and FreeRADIUS. thus, i don't have a system to test with unfortunate.y with that said, it should still work and we don't have any known issues going on with RADIUS. which RADIUS options are you using/do you have enabled on Cisco ACS? i know way back when that Cisco ACS used to support certain RADIUS options that APC did not. it looks like that specific blog though accounts for APC specifically though.

can you post your config.ini using these instructions? -> http://nam-en.apc.com/app/answers/detail/a_id/9321

are all of your devices using the same RADIUS profile? what type of reaction do you get from the NMC when this doesnt work? a timeout or invalid username and password?

BillP · ‎2021-06-30

Hi Dmitry,

I hope this APC Knowledgebase can help you out - [How do I configure my RADIUS server to authenticate my APC Network Enabled device?|http://nam-en.apc.com/app/answers/detail/a_id/8012/kw/radius]

BillP · ‎2021-06-30

have you tried just increasing the timeout on the AP9630 just to test, maybe to 5 or 10 seconds? as you said and i see in the config.ini, it is set to 1 second. also, it may not hurt reboot the network management card interface on the NMC under Administration->General->Reset/Reboot->Reboot management interface if you haven't since configuring this all.

another thought was to make sure that for some reason the RADIUS traffic on port 1812 or 1813 isnt being blocked on your network from the NMC's network? just throwing things out there that i have seen.