[cisco-nas] concurrent support for dial-up scripts and CHAP?

Jamie Savage jsavage at yorku.ca
Thu Jun 22 11:28:01 EDT 2006 

Thanks Aaron.....yes we've since got it to work.....we've written our own 
TACACS and that's where the problem was (which I assumed but needed to be 
sure my 5350 config was fine).....however, I wasn't aware of the 'if 
needed' scenario...that could make things better for us.

.......as always, I appreciate your help.....thx............Jamie


James Savage                                   York University 
Senior Communications Tech.       108 Steacie Building
jsavage at yorku.ca                            4700 Keele Street
ph: 416-736-2100 ext. 22605            Toronto, Ontario
fax: 416-736-5701                                M3J 1P3, CANADA 



Aaron Leonard <Aaron at cisco.com> 
06/22/2006 11:21 AM

To
Jamie Savage <jsavage at yorku.ca>
cc
cisco-nas at puck.nether.net
Subject
Re: [cisco-nas] concurrent support for dial-up scripts and CHAP?






Jamie,

Yes you can support users dialing in and authenticating either in 
character mode (dialup script) or via PPP (CHAP or PAP).  Here's the 
idea ...

aaa authentication login default group tacacs ! for character mode logins
aaa authentication ppp default group tacacs if-needed ! [1]
int group-async1
  encapsulation ppp
  async mode interactive
 
line 1/0 1/59
  autoselect ppp
  autoselect during-login

[1] if-needed means that authentication in PPP is skipped if the call 
has already done character mode authentication

Aaron

---

>
> Hi,
>     In light of the current problem with the latest Microsoft updates 
> breaking dial-up scripts, we're looking into moving to CHAP for TACACS 
> authentication.  I'm trying to see if we can support both methods but 
> I've not had much luck thus far.  Is it possible to config my 5350 to 
> allow users to connect and authenticate using a script or CHAP?   If 
> so, is there more to config'ing the 5350 than adding 'ppp 
> authentication chap' to my Group-async0 interface and 'autoselect ppp 
> and 'autoselect during-login' on my lines?
>
> .............thanks in advance.........Jamie
>
>
> James Savage                                   York University 
> Senior Communications Tech.       108 Steacie Building
> jsavage at yorku.ca                            4700 Keele Street
> ph: 416-736-2100 ext. 22605            Toronto, Ontario
> fax: 416-736-5701                                M3J 1P3, CANADA
> ------------------------------------------------------------------------
>
> _______________________________________________
> cisco-nas mailing list
> cisco-nas at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nas
> 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://puck.nether.net/pipermail/cisco-nas/attachments/20060622/6a13448c/attachment.html

More information about the cisco-nas mailing list