[cisco-nas] ISDN and Async Dialup over same PRI
Matthias Schaerer
matthias.schaerer at anyweb.ch
Fri Jun 9 10:55:33 EDT 2006
Hi,
I am having trouble with the configuration of a dialup scenario where I
want to have three types of connections:
- Remote Routers dialing in via ISDN
- Remote ISDN Clients
- Remote Modem Users
To make things a bit more complicated I have to use RADIUS for
authentication and for a part of the configuration of the remote sites.
The
router-router connections are fine as well as the modem connections
(dialer profiles for each
site, group-async Interface for the modems.
The thing I do not get to work are the remote ISDN clients. I have tried
to use a Virtual-template interface and want to add IP address and subnet
mask
via RADIUS. I see the user dialing in, he gets authenticated and RADIUS
sends ip
addr, subnet mask, framed protocol ppp and service type framed to the NAS
(3745, 12.3(19)).
The NAS continues with the PPP negotiation but does not use the ip addr
that is
provided by RADIUS but first uses the address from the unnumbered
interface and then
reverts to 0.0.0.0 as proposed addresss and finally drops the call.
I get messages like that:
Jun 9 13:23:52.845: Vi2 IPCP: No peer address configured
Jun 9 13:23:52.845: Vi2 IPCP: Neither side knows remote address
What do I need to add to the config that RADIUS info is propagated to
the client, so the PPP negotiation could succeed?
I add the part of the config that I consider being relevant for the
dialup so you can have a look at my status at the time.
Any hints are very welcome.
Thanks.
Mat
---------------------------------
aaa new-model
!
aaa authentication login default group tacacs+ line
aaa authentication enable default group tacacs+ enable
aaa authentication ppp DialInAndOut if-needed group radius
aaa authorization config-commands
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa authorization network DialInAndOut group radius
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
aaa session-id common
!
virtual-profile virtual-template 1
!
controller E1 1/0
pri-group timeslots 1-31
!
interface FastEthernet0/0
ip address 172.16.128.124 255.255.255.128
no ip redirects
speed 100
full-duplex
!
interface Serial1/0:15
no ip address
encapsulation ppp
dialer pool-member 1
no snmp trap link-status
isdn switch-type primary-net5
isdn incoming-voice modem
no peer default ip address
ppp authentication chap DialInAndOut
ppp chap hostname charlie
ppp multilink
!
interface Virtual-Template1
ip unnumbered FastEthernet0/0
no snmp trap link-status
no peer default ip address
ppp authentication chap DialInAndOut
ppp authorization DialInAndOut
!
interface Group-Async0
ip unnumbered FastEthernet0/0
encapsulation ppp
ip tcp header-compression
dialer in-band
dialer idle-timeout 120 either
dialer-group 1
no snmp trap link-status
async mode interactive
no peer default ip address
ppp authentication chap DialInAndOut
ppp authorization DialInAndOut
group-range 65 94
!
interface Dialer0
ip unnumbered FastEthernet0/0
encapsulation ppp
ip tcp header-compression passive
dialer pool 1
dialer idle-timeout 120 either
dialer-group 1
no peer default ip address
no cdp enable
ppp authentication chap DialInAndOut
ppp authorization DialInAndOut
ppp chap hostname charlie
ppp multilink
!
interface Dialer1
ip address 192.168.7.1 255.255.255.252
encapsulation ppp
dialer pool 1
dialer remote-name chaplin
dialer-group 1
no cdp enable
ppp authentication chap DialInAndOut
ppp chap hostname charlie
------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://puck.nether.net/pipermail/cisco-nas/attachments/20060609/ad211a06/attachment.html
More information about the cisco-nas
mailing list