RE: [nsp] tacacs ppp

From: Kinczli Zoltán (Zoltan.Kinczli@Synergon.hu)
Date: Tue Oct 09 2001 - 05:47:22 EDT


Hello,

  oh, you have authentication _AND_ authorization!

you should add the floowing to the global config

!
aaa authorize network no-authorize none
!

and add to the i/f config

!
int ser 1/2
ppp authorization no-authorize
!

  Maybe it's wiser? safer? to configure the tacacs as to be aware of
(authenticate and
authorize) the remote ppp entity.

--Z.

-----Eredeti üzenet-----
Feladó: akber [mailto:mirzaakber@yahoo.com]
Küldve: 2001. október 9. 11:16
Címzett: Kinczli Zoltán; cisco-nsp@puck.nether.net
Tárgy: RE: [nsp] tacacs ppp

HI,
I configured it to none authentication but still links
are down and gives me authorization faiils if i debug
ppp authentication.

anything wrong on my side if this command works.

aaa new-model
aaa authentication login no_tacacs enable
aaa authentication ppp default group tacacs+
aaa authentication ppp do-nothing none
aaa authentication ppp test local
aaa authorization network default group tacacs+
aaa accounting network default start-stop group
tacacs+

interface Serial1/2
 ip address 172.16.1.2 255.255.255.0
 encapsulation ppp
 clockrate 128000
 ppp authentication chap do-nothing

Se1/2 CHAP: I FAILURE id 24 len 27 msg is
"%Authorization failed."

THanks
akber

Kinczli_Zoltán <Zoltan.Kinczli@Synergon.hu> wrote:
> Hello,
>
> You define an authentication method to do nothing:
>
> !
> aaa authentication ppp do-nothing none
> !
>
> on the serial line you configure
>
> ppp authentication <chap/pap> do-nothing
>
>
> --Z.
>
> -----Eredeti üzenet-----
> Feladó: akber [mailto:mirzaakber@yahoo.com]
> Küldve: 2001. október 8. 21:24
> Címzett: cisco-nsp@puck.nether.net
> Tárgy: [nsp] tacacs ppp
>
>
> HI,
> I am running ppp encapsulation over a Lease line. I
> have a Tacacs server
> at my cetral office for ppp autheentication for asyn
> dial user.
> If i run hdlc on serial link its up but if i change
> to ppp it gives me
> serial is up, line protocol is down. When i started
> debug ppp
> authentication is says authentication failure.
>
> So what i need to know :- how i make serial link to
> by-pass ppp
> authentication from tacacs.
> or
> i configure some authenticatiob so that links gets
> authnenticaticated
> from tacacs.
>
> some aaa commands to bypass this.
> I have alredy tried with chap pap and not much
> benefit.
>
> Thanks
> Akber
>
>
>
>

__________________________________________________
Do You Yahoo!?
NEW from Yahoo! GeoCities - quick and easy web site hosting, just
$8.95/month.
http://geocities.yahoo.com/ps/info1



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:50 EDT