[cisco-nas] AS5350 ISDN Problems

Mark Johnson mljohnso at cisco.com
Thu Feb 26 12:47:34 EST 2004 

At 02:57 PM 2/26/2004 +0300, GLO wrote:
>Hi
>
>Thanks for the response.
>For the users that connect but cannot transmit,  I have checked and:-
>LCP and IPCP are OPEN
>the user has an IP address assigned
>the user's IP address is in the routing table
>
>For the disconects; I have done the suggested aaa and ppp debugs but can't
>seem to deduce anything much from the output.
>I have attached the debug output incase you have any ideas.

Here is the smoking gun, so to speak:

3w4d: As2/50 AAA/AUTHOR/IP: authorization failed

And if you look at what is being authorized/downloaded from the AAA server:

3w4d: As2/50 AAA/AUTHOR (736691766): Post authorization status = PASS_REPL
3w4d: As2/50 AAA/AUTHOR/IPCP: Processing AV service=ppp
3w4d: As2/50 AAA/AUTHOR/IPCP: Processing AV addr=2.1.9.2
3w4d: As2/50 AAA/AUTHOR/IPCP: Processing AV outacl=internet
3w4d: As2/50 AAA/AUTHOR/IPCP: Processing AV inacl=160
3w4d: As2/50 AAA/AUTHOR/IPCP: Authorization succeeded

I suppose the problem could be that you don't have access-lists 160
or internet defined on the 5350.  Is that possible?

mark

>Thanks,
>
>George.
>
>----- Original Message -----
>From: "Mark Johnson" <mljohnso at cisco.com>
>To: "GLO" <glotieno at kenyaweb.com>
>Sent: Wednesday, February 25, 2004 10:04 PM
>Subject: Re: [cisco-nas] AS5350 ISDN Problems
>
>
> > At 07:34 PM 2/25/2004 +0300, you wrote:
> > >I have a Cisco access server AS5350 with E1 modules; and I am
>experiencing a
> > >strange problem.
> > >Some dialup calls on the ISDN line connect but the users can't transmit
>data
> > >(can't even ping the assigned IP).
> >
> > Some things to check when a user is connected:
> >
> > sh int  async xx        make sure LCP and IPCP are OPEN
> > sh caller xx            make sure the user has an IP address assigned
> > sh ip route x.x.x.x     make sure the user's IP address is in the routing
>table
> > debug ip icmp           ping from the remote and confirm if you see the
>ICMP
> >                            echo requests at the 5350 (und all when done)
> >
> > >Other users disconnect immediately after authentication.
> >
> > debug ppp neg
> > debug ppp err
> > debug aaa author
> > debug aaa authen
> >
> > Confirm *who* initiates the disconnect (who sends the LCP TERMREQ).
> > If it's the remote, you need to check there.  If it's the 5350,
> > hopefully the debug will indicate why.
> >
> > Good luck,
> >
> > mark
> >
> >

More information about the cisco-nas mailing list