I've got an NMAS/BMAS 3.8 RADIUS server that has worked fine for quite
a while with a pair of Cisco VPN 3000 concentrators.

The other day I added a new KVM switch that did RADIUS authentication.
It needs you to add an attribute to users that you want to have access
to this switch. This is done by adding a Generic RADIUS attribute
called "Filter-ID" and then setting the string to "Raritan:G{ADMIN}".
I tested this with NTRADPING and you still get the normal output
"Access Accepted" plus you get the additional attribute on those users
that have this set. The Raritan KVM works fine.

However, later on in the day I discovered that none of the users that
had this attribute set could use the Cisco VPN concentrators. You
would see the same progress in the RADIUS display and logs (Access
Accepted); however, the Cisco VPN client would claim you couldn't get
authenticated and not let you in.

Does anyone know why additional attributes would confuse the VPN
concentrator? Any ideas how to get this to work with both devices? Is
there a way to tell the RADIUS server to only send this attribute to a
certain RADIUS client (e.g. the Raritan KVM)?




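The per-client filtering asked about in the post, as an added Python example that is not part of the original post and is not BMAS configuration: it builds RFC 2865 Access-Accept packets and includes Filter-Id (type 11) only for the client allowed to receive it. The client addresses, shared secret, Class value and function names are assumptions made up for the example.

```python
import hashlib
import struct

ACCESS_ACCEPT, FILTER_ID, CLASS = 2, 11, 25  # RFC 2865 code and attribute types

def attrs_for_client(client_ip, user_attrs, restricted):
    """Keep an attribute unless it is restricted to clients other than client_ip."""
    return [(t, v) for t, v in user_attrs
            if t not in restricted or client_ip in restricted[t]]

def build_access_accept(ident, request_auth, secret, attrs):
    """Encode attributes as type/length/value and sign the reply (RFC 2865, section 3)."""
    body = b""
    for t, v in attrs:
        if not 1 <= len(v) <= 253:
            raise ValueError("attribute value must be 1..253 bytes")
        body += bytes([t, len(v) + 2]) + v
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(body))
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    resp_auth = hashlib.md5(header + request_auth + body + secret).digest()
    return header + resp_auth + body

def parse_attrs(packet):
    """Return [(type, value)] from a RADIUS packet, rejecting malformed lengths."""
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length != len(packet):
        raise ValueError("bad packet length")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        t, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs.append((t, packet[pos + 2:pos + alen]))
        pos += alen
    return attrs

# Constructed sample data: addresses, secret and Class value are made up.
KVM, VPN = "192.0.2.10", "192.0.2.20"
USER_ATTRS = [(FILTER_ID, b"Raritan:G{ADMIN}"), (CLASS, b"staff")]
RESTRICTED = {FILTER_ID: {KVM}}  # send Filter-Id to the KVM only

def reply_types(client_ip):
    """Build the reply for one client and list the attribute types it carries."""
    attrs = attrs_for_client(client_ip, USER_ATTRS, RESTRICTED)
    pkt = build_access_accept(1, bytes(16), b"example-secret", attrs)
    return [t for t, _ in parse_attrs(pkt)]

if __name__ == "__main__":
    print("KVM:", reply_types(KVM), "VPN:", reply_types(VPN))
```

The filtering happens before the Response Authenticator is computed, because that MD5 covers the attribute bytes; removing an attribute from an already signed reply would invalidate it.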