[cisco-nas] Sendpass not supported - l2f -- please help...

Bob Arthurs bob_arthurs at hotmail.com
Wed Sep 3 22:53:08 EDT 2003


dennis - thanks for explanation. my tunnel definition looks like (i think- i 
am not near my radius sever now - just as i remember):

on a merit radius server:

abc.com Password = "cisco"
Service-Type = Outbound-User,
cisco-avpair = "vpdn:tunnel-id=l2f_nas",
cisco-avpair = "vpdn:ip-addresses=10.1.1.1",
cisco-avpair = "vpdn:nas-password=password",
cisco-avpair = "vpdn:gw-password=password"

thankyou again

bob


>From: Dennis Peng <dpeng at cisco.com>
>To: Bob Arthurs <bob_arthurs at hotmail.com>
>CC: cisco-nas at puck.nether.net
>Subject: Re: [cisco-nas] Sendpass not supported - l2f -- please help...
>Date: Tue, 2 Sep 2003 16:12:07 -0700
>
>As long as the tunnel profile is properly defined, you should not run
>into the "SENDPASS" error. That error occurs when the AAA subsystem
>needs to respond with a password to an authentication request we have
>received and we attempt to get it from RADIUS. Unlike TACACS+, the
>RADUIS protocol only specifies a mechanism for verifying inbound
>authentication responses, not for providing outbound authentication
>responses. So the attempt will fail with the SENDPASS error. Your
>profile should look something like:
>
>l2f.com Password=="cisco", Service-Type==Outbound-User
>         Tunnel-Type = L2F,
>         Tunnel-Medium-Type = IP,
>         Tunnel-Client-Auth-Id = "NAS",
>         Tunnel-Server-Endpoint = 10.1.1.1,
>         Cisco-AVPair = "vpdn:nas-password=cisco",
>         Cisco-AVPair = "vpdn:gw-password=cisco",
>
>If this is what your profile looks like and you are still seeing this
>error, please send me your version and config, your RADIUS tunnel
>profile, and "debug ppp negot", "debug vpdn l2x-ev", "debug radius",
>"debug aaa authen", and "debug aaa author" when you make a L2F
>call. Thanks.
>
>Dennis
>
>Bob Arthurs [bob_arthurs at hotmail.com] wrote:
> > dennis
> >
> > thanks very much for replying
> >
> > i did define both of the passwords. i also found this on cco
> >
> > 
>http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps1831/products_configuration_guide_chapter09186a00800d97ca.html#1003583
> >
> > in part called Misconfigured AAA Authentication it seems to talk about 
>this
> > issue. but i'm not really sure i understand. is this my problem do you
> > think?
> >
> > bob
> >
> >
> > >From: Dennis Peng <dpeng at cisco.com>
> > >To: Bob Arthurs <bob_arthurs at hotmail.com>
> > >CC: cisco-nas at puck.nether.net
> > >Subject: Re: [cisco-nas] Sendpass not supported - l2f -- please help...
> > >Date: Tue, 2 Sep 2003 11:31:48 -0700
> > >
> > >What does your tunnel profile look like on the RADIUS server? Did you
> > >define both the NAS and the Home Gateway password?
> > >
> > >Dennis
> > >
> > >Bob Arthurs [bob_arthurs at hotmail.com] wrote:
> > >> hi
> > >>
> > >> i have configured an l2f nas with a tunnel definition on a radius 
>server
> > >> but i get an error like 'sendpass not supported' (sorry i'm not near 
>the
> > >> box now). my aaa config is -
> > >>
> > >> aaa authentication ppp default group radius local
> > >> aaa authorization network default group radius
> > >>
> > >> not sure what is going wrong - i'm sure this works with l2tp (sure 
>i've
> > >> seen this config with l2tp).
> > >>
> > >> any ideas what is wrong ?- and is this problem limited to l2f - would
> > >this
> > >> aaa config work with l2tp.
> > >>
> > >> many thanks
> > >>
> > >> bob
> > >>
> > >> _________________________________________________________________
> > >> Get Hotmail on your mobile phone http://www.msn.co.uk/msnmobile
> > >>
> > >> _______________________________________________
> > >> cisco-nas mailing list
> > >> cisco-nas at puck.nether.net
> > >> https://puck.nether.net/mailman/listinfo/cisco-nas
> >
> > _________________________________________________________________
> > Find a cheaper internet access deal - choose one to suit you.
> > http://www.msn.co.uk/internetaccess

_________________________________________________________________
Hotmail messages direct to your mobile phone http://www.msn.co.uk/msnmobile



More information about the cisco-nas mailing list