[cisco-nas] (no subject)

Henk Blacquière henk.blacquiere at sscplus.nl
Mon Jun 13 05:04:38 EDT 2005


Oliver,
Thanks for your reply and solution. It took me a while to get around to testing again but your
solution worked. Thought I had tested on protocol lcp as well but apparently not enough.

Can I ask you one more question? On my DDR setup I have to configure CLI screening as an
additional security measure. Now it appears that in my setup with dialer profiles (interface
dialer) configured per remote and using 'dialer pool' CLI screening does not work. I found out the
hard way that when I configure 'dialer caller 123456' no screening is done. Apparently screening
only works with 'dialer rotary group' and on a dialer profile this is only used to bind the call
to the dialer (which I already do on 'dialer remote-name'). Now I can choose to use 'isdn caller'
on the physical interface (although this does not give me a one-to-one per dialer mapping) but I
have the situation that I also have to service single-user dial-in on the same box and interfaces
and these users are mobile so they should be able to dial in from any number.

Any ideas on how to best tackle this situation?

Regards,
Henk


Henk Blacquière <> wrote on Tuesday, May 31, 2005 11:07 AM:

> Hi all,
>
> Having a question about 2-way ppp authentication using Radius:
> For my dial-in/dial-out DDR setup I want to do all the authentication
> on Radius. So far we have
> been using locally configured usernames/passwords but this should be
> moved to ACS.
>
[...]
>
> Does anybody have any ideas on how to configure the ACS and/or NAS
> to also successfully use the Radius method for SENDAUTH?
>
> BTW I already tried the cisco av-pairs sendauth and send-secret. Not
> sure however if I used them correctly because I can not find any
> precise documentation on this exact situation. When using authen as
> the protocol (e.g. cisco-avpair=authen:send-secret=password) it does
> not pick it up on my 3640 with IP plus vs. 12.2(19a).

Include Cisco-avpair = "lcp:send-secret=password" in your user's Radius profile to support
outbound authentication.

	oli


Henk Blacquière
Network Consultant


