[cisco-nas] virtual-Profile question
Dennis Peng
dpeng at cisco.com
Tue Oct 14 19:23:26 EDT 2003
Virtual-profile virtual-access interfaces are created *after*
authentication. That means all LCP related (for example MRU) and
authentication parameters, must be configured on the physical
interface (async/group-async/ISDN). If you were to use RPM customer
profile templates:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fdial_c/fnsprt11/dafrpm.htm
the template is applied as soon as we bind to the profile (when we
answer the call), so this would line up more with what you may be
expecting. You may not need the flexibility/complexity of RPM though,
so you may want want to stick with manual configuration. One thing you
could do is put all your ISDN interfaces in one dialer rotary-group,
then you should just need to change the authentication method list on
the dialer interface and the group-async interface.
As for why PPP works on async but not ISDN when "encap ppp" is not
configured, you are right, this is due to the "autoselect" feature on
async interfaces and "async mode interactive" (which basically allows
the customer to choose what type of encapsulation they want to
use). On ISDN interfaces, I think you could do something similar by
configuring "autodetect encapsulation ppp".
Dennis
Matyas Szilard [szilard.matyas at enternet.hu] wrote:
> Hello,
>
> My problem is that I would like to do that all ppp configuration parameters
> for a dialin user like pap or chap authentication,auth lists etc can be get
> from a virtual-template for all dialin user. And on Physical interfaces like
> group-async and serial could be only media specific parameters. This
> configuration would be ideal for configuring because we use same auth list
> for all kind of dialin user (modem/ISDN) and if an auth list changes I don't
> have to change it on every serial and group async interfaces etc. I thought
> It can be done easily with virtual profile. But life was not so easy. Or I
> misunderstanded the Virtual Profile feature.I configured " virtual-profile
> virtual-template 1" and "interface virtual-template 1 " with "encap ppp",
> "ppp authentication pap listname", etc.....On the physical interfaces I
> configured only the media specific components neither "encap ppp", nor "ppp
> authentication pap listname", etc.....
> And also the physical interfaces is neither configured for dialer profile
> and nor for legacy ddr.
> I thought it should be working. I thought that for all of the users dial-in
> (no matters async or sync) an interface will be cloned from the virtual
> template and ppp starts and the auth list on the virt. template is used for
> authentication. But it didn't work. The NAS did wholly other thing. If I
> dial in the AS with modem the PPP starts on the async, but there is no
> "encap ppp" on group async interface.
> I think because of the autoselect ppp on the line. And then searches the
> authentication list on group async only (there was no auth list on it) and
> don't be engaged in using the auth list on virt-template. But, the cloning
> is succesful, ios makes virt. acces interface and I dial in without
> authentication with any kind of user/pass. If I dial with ISDN there is even
> no ppp on the physical serial interfaces and the PPP didn't start.
> If someone know the solution please help.
>
> Thanks everyone response!
>
>
>
> szicsu
>
> _______________________________________________
> cisco-nas mailing list
> cisco-nas at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nas
More information about the cisco-nas
mailing list