[cisco-nas] Asynchronous callback problems
Oliver Boehmer (oboehmer)
oboehmer at cisco.com
Thu Jul 14 11:41:39 EDT 2005
Oliver Boehmer (oboehmer) <> wrote on Thursday, July 14, 2005 5:22 PM:
> I'm trying to configure callback from 3640 (E1) to WindowsXP PC
> (async line). There are several types of users callin to that NAS -
> Cisco routers using ISDN, async modem users who shouldnt be called
> back, and now there should be async modem users who should be called
> back. This is why I need per user AAA what is done using RADIUS.
> Below is RADIUS profile configuration.
>
> NAS (3640) has numerous mica-midems installed. Dial-in without
> callback is working fine, as AAA is done using RADIUS server, so
> configuration for vaccess interfaces comes also from vtemplate +
> RADIUS part.
>
> And here is profile from RADIUS for involved user:
>
> Profile="callback"
> Framed-Protocol = PPP
> Service-Type = Framed-User
> cisco-avpair = "lcp:interface-config=ppp callback accept"
> cisco-avpair = "lcp:interface-config=ip unnumbered lo2"
> cisco-avpair = "lcp:interface-config=peer default ip
address pool dial-up"
> cisco-avpair = "lcp:interface-config=encaps ppp"
> cisco-avpair = "lcp:interface-config=ppp multilink"
Applying "encaps ppp" and "ppp multilink" makes no sense here.. Those
commands belong on the interface.if you want to limit multilink channels
for users, use the AVPs multilink:min-links/multilink:max-links.
> What I'm worried about is command "ppp callback accept". As far as I
> know - it should be configured on group-async interface, but if I do
> it - nobody is able to call-in in any manner (with callback or
> without). "debug aaa authentication" says that user isn't authorized
> for callback and AAA procedure exits at that moment (or maybe I'm not
> doin enough debugging, so Im missin something).
ppp callback accept must be on the interface, check out
http://www.cisco.com/warp/public/480/pppcallback_rad.html for an
example.
It is strange that this causes issues for non-callback user. Can you
send the complete config as well as "debug radius", "debug aaa
authorization", "debug aaa per-user" and "debug ppp neg"
oli
P.S: Please send plain-text emails..
More information about the cisco-nas
mailing list