Hello,
oh, you have authentication _AND_ authorization!
you should add the floowing to the global config
!
aaa authorize network no-authorize none
!
and add to the i/f config
!
int ser 1/2
ppp authorization no-authorize
!
Maybe it's wiser? safer? to configure the tacacs as to be aware of
(authenticate and
authorize) the remote ppp entity.
--Z.
-----Eredeti üzenet-----
Feladó: akber [mailto:mirzaakber@yahoo.com]
Küldve: 2001. október 9. 11:16
Címzett: Kinczli Zoltán; cisco-nsp@puck.nether.net
Tárgy: RE: [nsp] tacacs ppp
HI,
I configured it to none authentication but still links
are down and gives me authorization faiils if i debug
ppp authentication.
anything wrong on my side if this command works.
aaa new-model
aaa authentication login no_tacacs enable
aaa authentication ppp default group tacacs+
aaa authentication ppp do-nothing none
aaa authentication ppp test local
aaa authorization network default group tacacs+
aaa accounting network default start-stop group
tacacs+
interface Serial1/2
ip address 172.16.1.2 255.255.255.0
encapsulation ppp
clockrate 128000
ppp authentication chap do-nothing
Se1/2 CHAP: I FAILURE id 24 len 27 msg is
"%Authorization failed."
THanks
akber
Kinczli_Zoltán <Zoltan.Kinczli@Synergon.hu> wrote:
> Hello,
>
> You define an authentication method to do nothing:
>
> !
> aaa authentication ppp do-nothing none
> !
>
> on the serial line you configure
>
> ppp authentication <chap/pap> do-nothing
>
>
> --Z.
>
> -----Eredeti üzenet-----
> Feladó: akber [mailto:mirzaakber@yahoo.com]
> Küldve: 2001. október 8. 21:24
> Címzett: cisco-nsp@puck.nether.net
> Tárgy: [nsp] tacacs ppp
>
>
> HI,
> I am running ppp encapsulation over a Lease line. I
> have a Tacacs server
> at my cetral office for ppp autheentication for asyn
> dial user.
> If i run hdlc on serial link its up but if i change
> to ppp it gives me
> serial is up, line protocol is down. When i started
> debug ppp
> authentication is says authentication failure.
>
> So what i need to know :- how i make serial link to
> by-pass ppp
> authentication from tacacs.
> or
> i configure some authenticatiob so that links gets
> authnenticaticated
> from tacacs.
>
> some aaa commands to bypass this.
> I have alredy tried with chap pap and not much
> benefit.
>
> Thanks
> Akber
>
>
>
>
__________________________________________________
Do You Yahoo!?
NEW from Yahoo! GeoCities - quick and easy web site hosting, just
$8.95/month.
http://geocities.yahoo.com/ps/info1
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:50 EDT