[cisco-nas] FW: Problems with creating Virtual-Access interfaces
Félix Izquierdo
fizquierdo at l3consulting.com
Tue Aug 31 11:33:09 EDT 2004
Andris Zarins wrote:
> Hi,
>
> I’ve got a task to implement a dial-in access to VRF on Cisco router
> (3640). Scheme is almost trivial – client (Cisco router, for example
> 2500 series) dials-in using ISDN to Cisco NAS 3640 (12.3(8) T3 – TELCO).
> Then RADIUS authentication and authorization is performed, and a
> virtual-access interface should be created dynamically with the
> configuration received from the RADIUS server. Everything seems OK – user
> dials-in, authenticates himself, RADIUS sends Vaccess i-faces
> configuration (tried debugging – OK), but no Virtual-Access interfaces
> are created. Instead of this, ISDN channels get bound to DialerProfile and
> there is no per-user configuration. I tried to downgrade IOS code to
> 12.0 – using this version and exactly the same NAS configuration,
> VAccess interfaces are created, but there are problems with RADIUS – AAA
> messages are denied by error “decrypt failed” (I believe this is another
> story, not connected to this VAccess issue).
>
> Question is – why are there no Virtual-Access interfaces using IOS 12.3?
> Am I missing some required configuration? In 12.0 there is a command
> “virtual-profile aaa”, but it is deprecated since 12.2, and it should
> work without it.
>
Because the new vaccess defaults to using a subinterface. You must configure
"no virtual-template subinterface".
Félix