[cisco-nas] Sendpass not supported - l2f -- please help...

Dennis Peng dpeng at cisco.com
Tue Sep 2 17:12:07 EDT 2003 

As long as the tunnel profile is properly defined, you should not run
into the "SENDPASS" error. That error occurs when the AAA subsystem
needs to respond with a password to an authentication request we have
received and we attempt to get it from RADIUS. Unlike TACACS+, the
RADUIS protocol only specifies a mechanism for verifying inbound
authentication responses, not for providing outbound authentication
responses. So the attempt will fail with the SENDPASS error. Your
profile should look something like:

l2f.com Password=="cisco", Service-Type==Outbound-User
        Tunnel-Type = L2F,
        Tunnel-Medium-Type = IP,
        Tunnel-Client-Auth-Id = "NAS",
        Tunnel-Server-Endpoint = 10.1.1.1,
        Cisco-AVPair = "vpdn:nas-password=cisco",
        Cisco-AVPair = "vpdn:gw-password=cisco",

If this is what your profile looks like and you are still seeing this
error, please send me your version and config, your RADIUS tunnel
profile, and "debug ppp negot", "debug vpdn l2x-ev", "debug radius",
"debug aaa authen", and "debug aaa author" when you make a L2F
call. Thanks.

Dennis

Bob Arthurs [bob_arthurs at hotmail.com] wrote:
> dennis
> 
> thanks very much for replying
> 
> i did define both of the passwords. i also found this on cco
> 
> http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps1831/products_configuration_guide_chapter09186a00800d97ca.html#1003583
> 
> in part called Misconfigured AAA Authentication it seems to talk about this 
> issue. but i'm not really sure i understand. is this my problem do you 
> think?
> 
> bob
> 
> 
> >From: Dennis Peng <dpeng at cisco.com>
> >To: Bob Arthurs <bob_arthurs at hotmail.com>
> >CC: cisco-nas at puck.nether.net
> >Subject: Re: [cisco-nas] Sendpass not supported - l2f -- please help...
> >Date: Tue, 2 Sep 2003 11:31:48 -0700
> >
> >What does your tunnel profile look like on the RADIUS server? Did you
> >define both the NAS and the Home Gateway password?
> >
> >Dennis
> >
> >Bob Arthurs [bob_arthurs at hotmail.com] wrote:
> >> hi
> >>
> >> i have configured an l2f nas with a tunnel definition on a radius server
> >> but i get an error like 'sendpass not supported' (sorry i'm not near the
> >> box now). my aaa config is -
> >>
> >> aaa authentication ppp default group radius local
> >> aaa authorization network default group radius
> >>
> >> not sure what is going wrong - i'm sure this works with l2tp (sure i've
> >> seen this config with l2tp).
> >>
> >> any ideas what is wrong ?- and is this problem limited to l2f - would 
> >this
> >> aaa config work with l2tp.
> >>
> >> many thanks
> >>
> >> bob
> >>
> >> _________________________________________________________________
> >> Get Hotmail on your mobile phone http://www.msn.co.uk/msnmobile
> >>
> >> _______________________________________________
> >> cisco-nas mailing list
> >> cisco-nas at puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/cisco-nas
> 
> _________________________________________________________________
> Find a cheaper internet access deal - choose one to suit you. 
> http://www.msn.co.uk/internetaccess

More information about the cisco-nas mailing list