[cisco-nas] Sendpass not supported - l2f -- please help...

Dennis Peng dpeng at cisco.com
Thu Sep 4 16:09:35 EDT 2003


That should work Bob (I tested it out just to make sure too). If you
could get the debugs and send it to me, that might help me pinpoint
the problem. Please add "debug vpdn l2x-er" to the list as
well. Thanks.

Dennis

Bob Arthurs [bob_arthurs at hotmail.com] wrote:
> 
> dennis - thanks for explanation. my tunnel definition looks like (i think- 
> i am not near my radius sever now - just as i remember):
> 
> on a merit radius server:
> 
> abc.com Password = "cisco"
> Service-Type = Outbound-User,
> cisco-avpair = "vpdn:tunnel-id=l2f_nas",
> cisco-avpair = "vpdn:ip-addresses=10.1.1.1",
> cisco-avpair = "vpdn:nas-password=password",
> cisco-avpair = "vpdn:gw-password=password"
> 
> thankyou again
> 
> bob
> 
> 
> >From: Dennis Peng <dpeng at cisco.com>
> >To: Bob Arthurs <bob_arthurs at hotmail.com>
> >CC: cisco-nas at puck.nether.net
> >Subject: Re: [cisco-nas] Sendpass not supported - l2f -- please help...
> >Date: Tue, 2 Sep 2003 16:12:07 -0700
> >
> >As long as the tunnel profile is properly defined, you should not run
> >into the "SENDPASS" error. That error occurs when the AAA subsystem
> >needs to respond with a password to an authentication request we have
> >received and we attempt to get it from RADIUS. Unlike TACACS+, the
> >RADUIS protocol only specifies a mechanism for verifying inbound
> >authentication responses, not for providing outbound authentication
> >responses. So the attempt will fail with the SENDPASS error. Your
> >profile should look something like:
> >
> >l2f.com Password=="cisco", Service-Type==Outbound-User
> >        Tunnel-Type = L2F,
> >        Tunnel-Medium-Type = IP,
> >        Tunnel-Client-Auth-Id = "NAS",
> >        Tunnel-Server-Endpoint = 10.1.1.1,
> >        Cisco-AVPair = "vpdn:nas-password=cisco",
> >        Cisco-AVPair = "vpdn:gw-password=cisco",
> >
> >If this is what your profile looks like and you are still seeing this
> >error, please send me your version and config, your RADIUS tunnel
> >profile, and "debug ppp negot", "debug vpdn l2x-ev", "debug radius",
> >"debug aaa authen", and "debug aaa author" when you make a L2F
> >call. Thanks.
> >
> >Dennis
> >
> >Bob Arthurs [bob_arthurs at hotmail.com] wrote:
> >> dennis
> >>
> >> thanks very much for replying
> >>
> >> i did define both of the passwords. i also found this on cco
> >>
> >> 
> >http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps1831/products_configuration_guide_chapter09186a00800d97ca.html#1003583
> >>
> >> in part called Misconfigured AAA Authentication it seems to talk about 
> >this
> >> issue. but i'm not really sure i understand. is this my problem do you
> >> think?
> >>
> >> bob
> >>
> >>
> >> >From: Dennis Peng <dpeng at cisco.com>
> >> >To: Bob Arthurs <bob_arthurs at hotmail.com>
> >> >CC: cisco-nas at puck.nether.net
> >> >Subject: Re: [cisco-nas] Sendpass not supported - l2f -- please help...
> >> >Date: Tue, 2 Sep 2003 11:31:48 -0700
> >> >
> >> >What does your tunnel profile look like on the RADIUS server? Did you
> >> >define both the NAS and the Home Gateway password?
> >> >
> >> >Dennis
> >> >
> >> >Bob Arthurs [bob_arthurs at hotmail.com] wrote:
> >> >> hi
> >> >>
> >> >> i have configured an l2f nas with a tunnel definition on a radius 
> >server
> >> >> but i get an error like 'sendpass not supported' (sorry i'm not near 
> >the
> >> >> box now). my aaa config is -
> >> >>
> >> >> aaa authentication ppp default group radius local
> >> >> aaa authorization network default group radius
> >> >>
> >> >> not sure what is going wrong - i'm sure this works with l2tp (sure 
> >i've
> >> >> seen this config with l2tp).
> >> >>
> >> >> any ideas what is wrong ?- and is this problem limited to l2f - would
> >> >this
> >> >> aaa config work with l2tp.
> >> >>
> >> >> many thanks
> >> >>
> >> >> bob
> >> >>
> >> >> _________________________________________________________________
> >> >> Get Hotmail on your mobile phone http://www.msn.co.uk/msnmobile
> >> >>
> >> >> _______________________________________________
> >> >> cisco-nas mailing list
> >> >> cisco-nas at puck.nether.net
> >> >> https://puck.nether.net/mailman/listinfo/cisco-nas
> >>
> >> _________________________________________________________________
> >> Find a cheaper internet access deal - choose one to suit you.
> >> http://www.msn.co.uk/internetaccess
> 
> _________________________________________________________________
> Hotmail messages direct to your mobile phone http://www.msn.co.uk/msnmobile
> 
> _______________________________________________
> cisco-nas mailing list
> cisco-nas at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nas


More information about the cisco-nas mailing list