[cisco-nas] ISDN and Async Dialup over same PRI

Aaron Leonard Aaron at cisco.com
Fri Jun 9 17:12:18 EDT 2006


Matthias,

Looks like Serial1/0:15 is missing the command "ppp authorization 
DialInAndOut".

Regards,

Aaron

---

>
> Hi,
>
> I am having trouble with the configuration of a dialup scenario where I
> want to have three types of connections:
>
> - Remote Routers dialing in via ISDN
> - Remote ISDN Clients
> - Remote Modem Users
>
> To make things a bit more complicated I have to use RADIUS for
> authentication and for a part of the configuration of the remote 
> sites. The
> router-router connections are fine as well as the modem connections 
> (dialer profiles for each
> site, group-async Interface for the modems.
>
> The thing I do not get to work are the remote ISDN clients. I have tried
> to use a Virtual-template interface and want to add IP address and 
> subnet mask
> via RADIUS. I see the user dialing in, he gets authenticated and 
> RADIUS sends ip
> addr, subnet mask, framed protocol ppp and service type framed to the 
> NAS (3745, 12.3(19)).
> The NAS continues with the PPP negotiation but does not use the ip 
> addr that is
> provided by RADIUS but first uses the address from the unnumbered 
> interface and then
> reverts to _0.0.0.0_ <http://0.0.0.0/> as proposed addresss and 
> finally drops the call.
>
> I get messages like that:
> Jun  9 13:23:52.845: Vi2 IPCP: No peer address configured
> Jun  9 13:23:52.845: Vi2 IPCP: Neither side knows remote address
>
> What do I need to add to the config that RADIUS info is propagated to
> the client, so the PPP negotiation could succeed?
>
> I add the part of the config that I consider being relevant for the
> dialup so you can have a look at my status at the time.
>
> Any hints are very welcome.
> Thanks.
> Mat
>
>
> ---------------------------------
> aaa new-model
> !
> aaa authentication login default group tacacs+ line
> aaa authentication enable default group tacacs+ enable
> aaa authentication ppp DialInAndOut if-needed group radius
> aaa authorization config-commands
> aaa authorization exec default group tacacs+ if-authenticated
> aaa authorization commands 15 default group tacacs+ if-authenticated
> aaa authorization network DialInAndOut group radius
> aaa accounting exec default start-stop group tacacs+
> aaa accounting commands 15 default start-stop group tacacs+
> aaa accounting network default start-stop group tacacs+
> aaa accounting connection default start-stop group tacacs+
> aaa accounting system default start-stop group tacacs+
> aaa session-id common
> !
> virtual-profile virtual-template 1
> !
> controller E1 1/0
> pri-group timeslots 1-31
> !
> interface FastEthernet0/0
> ip address _172.16.128.124_ <http://172.16.128.124/> _255.255.255.128_ 
> <http://255.255.255.128/>
> no ip redirects
> speed 100
> full-duplex
> !
> interface Serial1/0:15
> no ip address
> encapsulation ppp
> dialer pool-member 1
> no snmp trap link-status
> isdn switch-type primary-net5
> isdn incoming-voice modem
> no peer default ip address
> ppp authentication chap DialInAndOut
> ppp chap hostname charlie
> ppp multilink
> !
> interface Virtual-Template1
> ip unnumbered FastEthernet0/0
> no snmp trap link-status
> no peer default ip address
> ppp authentication chap DialInAndOut
> ppp authorization DialInAndOut
> !
> interface Group-Async0
> ip unnumbered FastEthernet0/0
> encapsulation ppp
> ip tcp header-compression
> dialer in-band
> dialer idle-timeout 120 either
> dialer-group 1
> no snmp trap link-status
> async mode interactive
> no peer default ip address
> ppp authentication chap DialInAndOut
> ppp authorization DialInAndOut
> group-range 65 94
> !
> interface Dialer0
> ip unnumbered FastEthernet0/0
> encapsulation ppp
> ip tcp header-compression passive
> dialer pool 1
> dialer idle-timeout 120 either
> dialer-group 1
> no peer default ip address
> no cdp enable
> ppp authentication chap DialInAndOut
> ppp authorization DialInAndOut
> ppp chap hostname charlie
> ppp multilink
> !
> interface Dialer1
> ip address _192.168.7.1_ <http://192.168.7.1/> _255.255.255.252_ 
> <http://255.255.255.252/>
> encapsulation ppp
> dialer pool 1
> dialer remote-name chaplin
> dialer-group 1
> no cdp enable
> ppp authentication chap DialInAndOut
> ppp chap hostname charlie
> ------------------------------------------
> ------------------------------------------------------------------------
>
> _______________________________________________
> cisco-nas mailing list
> cisco-nas at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nas
>   



More information about the cisco-nas mailing list