[cisco-nas] Asynchronous callback problems

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Thu Jul 14 11:41:39 EDT 2005


Oliver Boehmer (oboehmer) <> wrote on Thursday, July 14, 2005 5:22 PM:

> I'm trying to configure callback from a 3640 (E1) to a Windows XP PC
> (async line). There are several types of users calling in to that NAS -
> Cisco routers using ISDN, async modem users who shouldn't be called
> back, and now there should be async modem users who should be called
> back. This is why I need per-user AAA, which is done using RADIUS.
> Below is the RADIUS profile configuration.
>
> The NAS (3640) has numerous MICA modems installed. Dial-in without
> callback is working fine, as AAA is done using the RADIUS server, so
> configuration for vaccess interfaces also comes from vtemplate +
> RADIUS part.
> 
> And here is profile from RADIUS for involved user:
>  
> Profile="callback"
>             Framed-Protocol = PPP
>             Service-Type = Framed-User
>             cisco-avpair = "lcp:interface-config=ppp callback accept"
>             cisco-avpair = "lcp:interface-config=ip unnumbered lo2"
>             cisco-avpair = "lcp:interface-config=peer default ip address pool dial-up"
>             cisco-avpair = "lcp:interface-config=encaps ppp"
>             cisco-avpair = "lcp:interface-config=ppp multilink"

Applying "encaps ppp" and "ppp multilink" makes no sense here. Those
commands belong on the interface. If you want to limit multilink channels
for users, use the AVPs multilink:min-links/multilink:max-links.

> What I'm worried about is the command "ppp callback accept". As far as I
> know - it should be configured on the group-async interface, but if I do
> it - nobody is able to call in in any manner (with callback or
> without). "debug aaa authentication" says that the user isn't authorized
> for callback and the AAA procedure exits at that moment (or maybe I'm not
> doing enough debugging, so I'm missing something).

ppp callback accept must be on the interface, check out
http://www.cisco.com/warp/public/480/pppcallback_rad.html for an
example.

It is strange that this causes issues for non-callback users. Can you
send the complete config as well as "debug radius", "debug aaa
authorization", "debug aaa per-user" and "debug ppp neg"?

	oli

P.S.: Please send plain-text emails.


