[cisco-nas] Autocommand PAD over ISDN

bordin at cetrel.lu bordin at cetrel.lu
Wed May 13 11:38:40 EDT 2009 

Hello Aaron,

Ok for don't use resource-pool manager.
But I have already configured aaa authentication and authorization :


aaa new-model
!
!
aaa group server tacacs+ TACACS-CETREL
 server xxxxxxxxxxxx
 server xxxxxxxxxxxx
!
aaa authentication login TAC-CET group TACACS-CETREL enable
aaa authentication login EMPTY none
aaa authentication enable default group TACACS-CETREL enable
aaa authorization exec default group TACACS-CETREL none 
aaa authorization exec EMPTY none 
aaa authorization exec TAC-CET group TACACS-CETREL local 
!


And when I configured 

username 11111111 nopassword dnis
username 11111111 autocommand pad 990101803 /cud ABRK /profile krone 
/quiet


I have this debug :


May 13 17:05:17.135: ISDN Se7/3:15 Q931: RX <- SETUP pd = 8  callref = 
0x6A9A 
        Bearer Capability i = 0x8890 
                Standard = CCITT 
                Transfer Capability = Unrestricted Digital 
                Transfer Mode = Circuit 
                Transfer Rate = 64 kbit/s 
        Channel ID i = 0xA9839D 
                Exclusive, Channel 29 
        Calling Party Number i = 0x0081, '999999999' 
                Plan:Unknown, Type:Unknown 
        Called Party Number i = 0xC1, '11111111' 
                Plan:ISDN, Type:Subscriber(local)
May 13 17:05:17.135: ISDN Se7/3:15 EVENT: process_rxstate: ces/callid 
1/0x124 calltype 1 CALL_INCOMING
May 13 17:05:17.135: ISDN Se7/3:15 EVENT: call_incoming: call_id 0x0124, 
Guid = 4D904F3D8124
May 13 17:05:17.135: AAA/BIND(0000015D): Bind i/f Serial7/3:28 
May 13 17:05:17.135: AAA/ACCT/DS0: channel=28, ds1=3, t3=0, slot=7, 
ds0=117452828
May 13 17:05:17.135: AAA/ACCT/DS0: channel=28, ds1=3, t3=0, slot=7, 
ds0=117452828
May 13 17:05:17.135: ISDN Se7/3:15 Q931: TX -> CALL_PROC pd = 8  callref = 
0xEA9A 
        Channel ID i = 0xA9839D 
                Exclusive, Channel 29
May 13 17:05:17.139: AAA: parse name=DS0:0:7:3:28 idb type=-1 tty=-1
May 13 17:05:17.139: AAA/MEMORY: create_user (0x6606ED54) user='11111111' 
ruser='NULL' ds0=0 port='DS0:0:7:3:28' rem_addr='999999999' 
authen_type=NONE service=NONE priv=0 initial_task_id='0', vrf= (id=0)
May 13 17:05:17.139: DS0:0:7:3:28 AAA/AUTHOR/RM call-accept(3726381892): 
Port='DS0:0:7:3:28' list='default' service=RM
May 13 17:05:17.139: AAA/AUTHOR/RM call-accept: DS0:0:7:3:28(3726381892) 
user='11111111'
May 13 17:05:17.139: DS0:0:7:3:28 AAA/AUTHOR/RM call-accept(3726381892): 
send AV service=resource-management
May 13 17:05:17.139: DS0:0:7:3:28 AAA/AUTHOR/RM call-accept(3726381892): 
send AV protocol=call-accept
May 13 17:05:17.139: DS0:0:7:3:28 AAA/AUTHOR/RM call-accept(3726381892): 
send AV rm-protocol-version=1.0
May 13 17:05:17.139: DS0:0:7:3:28 AAA/AUTHOR/RM call-accept(3726381892): 
send AV rm-nas-state=1661397100
May 13 17:05:17.139: DS0:0:7:3:28 AAA/AUTHOR/RM call-accept(3726381892): 
send AV rm-call-type=digital
May 13 17:05:17.139: DS0:0:7:3:28 AAA/AUTHOR/RM call-accept(3726381892): 
send AV rm-request-type=dial-in
May 13 17:05:17.139: DS0:0:7:3:28 AAA/AUTHOR/RM call-accept(3726381892): 
send AV rm-link-type=isdn
May 13 17:05:17.139: AAA/AUTHOR/RM call-accept(3726381892) no method list 
defined
        Type "resource-manager" list "default". Using method "local"
May 13 17:05:17.139: DS0:0:7:3:28 AAA/AUTHOR/RM call-accept(3726381892): 
Method=LOCAL
May 13 17:05:17.139: DS0:0:7:3:28 AAA/AUTHOR/RM/local (3726381892): 
Received DNIS=11111111
May 13 17:05:17.139: DS0:0:7:3:28 AAA/AUTHOR/RM/local (3726381892): 
Received CLID=999999999
May 13 17:05:17.139: DS0:0:7:3:28 AAA/AUTHOR/RM/local (3726381892): 
Received Port=DS0:0:7:3:28
May 13 17:05:17.139: DS0:0:7:3:28 AAA/AUTHOR/RM/local (3726381892): 
Received AV service=resource-management
May 13 17:05:17.139: DS0:0:7:3:28 AAA/AUTHOR/RM/local (3726381892): 
Received AV protocol=call-accept
May 13 17:05:17.139: DS0:0:7:3:28 AAA/AUTHOR/RM/local (3726381892): 
Received AV rm-protocol-version=1.0
May 13 17:05:17.139: DS0:0:7:3:28 AAA/AUTHOR/RM/local (3726381892): 
Received AV rm-nas-state=1661397100
May 13 17:05:17.139: DS0:0:7:3:28 AAA/AUTHOR/RM/local (3726381892): 
Received AV rm-call-type=digital
May 13 17:05:17.139: DS0:0:7:3:28 AAA/AUTHOR/RM/local (3726381892): 
Received AV rm-request-type=dial-in
May 13 17:05:17.139: DS0:0:7:3:28 AAA/AUTHOR/RM/local (3726381892): 
Received AV rm-link-type=isdn
May 13 17:05:17.139: AAA/AUTHOR (3726381892): Post authorization status = 
FAIL
May 13 17:05:17.139: DS0:0:7:3:28 AAA/AUTHOR/RM/call-accept (3726381892): 
Processing AV service=resource-management
May 13 17:05:17.139: DS0:0:7:3:28 AAA/AUTHOR/RM/call-accept (3726381892): 
Processing AV protocol=call-accept
May 13 17:05:17.139: DS0:0:7:3:28 AAA/AUTHOR/RM/call-accept (3726381892): 
Processing AV rm-protocol-version=1.0
May 13 17:05:17.139: DS0:0:7:3:28 AAA/AUTHOR/RM/call-accept (3726381892): 
Processing AV server-name*local
May 13 17:05:17.139: DS0:0:7:3:28 AAA/AUTHOR/RM/call-accept (3726381892): 
Processing AV rm-response-code=no-customer-profile
May 13 17:05:17.139: DS0:0:7:3:28 AAA/AUTHOR/RM/call-accept (3726381892): 
Processing AV rm-call-handle=290
May 13 17:05:17.139: DS0:0:7:3:28 AAA/AUTHOR/RM/call-accept (3726381892): 
Processing AV rm-call-treatment=cna
May 13 17:05:17.139: DS0:0:7:3:28 AAA/AUTHOR/RM/call-accept (3726381892): 
Processing AV rm-call-type=digital
May 13 17:05:17.139: DS0:0:7:3:28 AAA/AUTHOR/RM/call-accept (3726381892): 
Processing AV rm-nas-state=1661397100
May 13 17:05:17.139: DS0:0:7:3:28 AAA/AUTHOR/RM (3726381892): 
authorization failed. Disallow call.
May 13 17:05:17.139: AAA/SERVERMSG: DS0:0:7:3:28 AAA/AUTHOR/RM: ERROR in 
local-rm-authorization
May 13 17:05:17.139: AAA/MEMORY: free_user (0x6606ED54) user='11111111' 
ruser='NULL' port='DS0:0:7:3:28' rem_addr='999999999' authen_type=NONE 
service=NONE priv=0 vrf= (id=0)
May 13 17:05:17.143: ISDN Se7/3:15 EVENT: UserIdle: callid 0x124 received 
REJECT_CALL (0x14)
sigma#
May 13 17:05:17.143: ISDN Se7/3:15 **ERROR**: process_dialer_command: 
Resource Manager/Caller ID screening failed, rejecting call
May 13 17:05:17.143: ISDN Se7/3:15 Q931: TX -> DISCONNECT pd = 8  callref 
= 0xEA9A 
        Cause i = 0x80AC - Requested circuit/channel not available
May 13 17:05:17.207: ISDN Se7/3:15 Q931: RX <- RELEASE pd = 8  callref = 
0x6A9A
May 13 17:05:17.211: ISDN Se7/3:15 EVENT: process_rxstate: ces/callid 
1/0x124 calltype 1 CALL_CLEARED
May 13 17:05:17.211: AAA/ACCT/DS0: channel=28, ds1=3, t3=0, slot=7, 
ds0=117452828
May 13 17:05:17.211: ISDN Se7/3:15 Q931: TX -> RELEASE_COMP pd = 8 callref 
= 0xEA9A
sigma#


We can see that the user is sending to the service "resource-manager". 

Question : "resource-management" is it "resource-pool management"  ?

Why it does not work ?

Thanks a lot.

Patrick.






Aaron Leonard <Aaron at cisco.com> 
12/05/2009 18:24

To
bordin at Cetrel.LU
cc
cisco-nas at puck.nether.net
Subject
Re: [cisco-nas] Autocommand PAD over ISDN






---------------------------------------------------------------
ATTENTION ATTENTION ATTENTION ATTENTION ATTENTION
Ce mail provient de l'exterieur (Internet). Ne prenez aucune
action basee uniquement sur le contenu de ce mail, meme si
l'auteur semble etre la direction! SEC
---------------------------------------------------------------
 
Bordin,

Here's a way that I like to do this sort of thing ... i.e. the case where 
you have incoming modem calls, and based upon the called number, you want 
to invoke different applications.  Assuming that those applications can be 
invoked via an exec command, then there is no need for RPM - just do this:

aaa new-model
aaa authentication login default local radius
aaa authentication ppp default radius local
aaa authorization exec default local radius
username 5554446164 nopassword dnis
username 5554446164 autocommand pad 990101803 /cud ABRK /profile krone 
/quiet 
username 5554446163 nopassword dnis
username 5554446163 autocommand telnet 10.1.2.3

etc.

Now, while troubleshooting this, don't use autocommand.  Instead, from the 
exec prompt, manually enter the "pad" (or whatever) command.  Meanwhile, 
from another exec prompt, have some debugs running, so you can see what's 
going on.  Once you have the pad (or whatever) command working as desired, 
then you can put it into an autocommand.

Hth,

Aaron

P.S. Don't use "no flush-at-activation" on modem lines intended for 
character mode - this will tend to deliver garbage to the exec parser or 
to your server application.


bordin at cetrel.lu wrote: 

Hello, 

I have a problem for a migration of a "old" application Point of Sales. 
Before , the terminal async with Zmodem application is connected to a USR 
Robotics chassis in analogue (V32bis) and ISDN ( the application terminal 
is the same : according to the client we put a modem analogue or ISDN 
modem ) and USR Modems were connected to a pad Telematics. Then the call 
is made in X.25 to the application server. 

I have AS5400HPX, configured with "resource-pool". 
I have succeeded to configure for analog modem ( spe modem + autocommand 
pad )  but not for ISDN modem. 
I have tried with vty-async (LAPB-TA) and resource-pool group but It 
doesn't works. 
Has someone a idea ? 

Thanks a lot. 

Best Regards... 

Bordin Patrick 
Cetrel S.A. 
www.cetrel.lu 

The config : 


resource-pool enable 
! 
resource-pool group resource Krone 
 range port 1/44 
! 
resource-pool group resource Krone-isdn 
 range port 1/58 
! 
resource-pool profile customer Krone 
 limit base-size all 
 limit overflow-size 0 
 resource Krone speech   
 dnis group Krone 
! 
resource-pool profile customer Krone-isdn 
 limit base-size all 
 limit overflow-size 0 
 resource Krone-isdn digital   
 dnis group Krone-isdn 
! 
aaa new-model 
! 
! 
aaa group server tacacs+ XXXXXXXX 
aaa 


calltracker enable 
calltracker history max-size 360 
calltracker call-record terse quiet 
spe country germany 
! 
spe call-record modem 
! 
spe default-firmware spe-firmware-1 
no ip source-route 
! 
! 
x29 profile krone 1:0 2:0 3:2 4:6 5:0 6:0 7:0 8:0 9:0 12:0 13:0 14:0 15:0 
16:0 17:0 18:0 

vty-async 
vty-async virtual-template 1 

isdn switch-type primary-net5 
! 
x25 routing acknowledge local 

modemcap entry 
krone:MSC=&F&D2E0s0=0s2=43s3=13s4=10s5=8s15=1s21=0s22=0s23=1s24=1s53=0s29=1s64=0 


controller E1 7/3 
 pri-group timeslots 1-31 
 description ISDN PRI 
! 
ip tcp synwait-time 5 
ip telnet source-interface Loopback0 
ip tftp source-interface Loopback0 
ip ssh version 2 
ip scp server enable 
! 
! 
! 
! 
interface Loopback0 
 description Loopback Interface for management 
 ip address xxxxxxxxxxxxx 255.255.255.255 
! 
interface FastEthernet0/0 
 description DMZ 
 ip address ccccccccccccccc 255.255.255.0 
 ip virtual-reassembly 
 no ip route-cache cef 
 no ip route-cache 
 no ip mroute-cache 
 duplex auto 
 speed auto 
 no cdp enable 
! 
interface Serial7/3:15 
 description ISDN PRI 
 no ip address 
 encapsulation ppp 
 dialer rotary-group 1 
 dialer-group 1 
 autodetect encapsulation v120 lapb-ta 
 no snmp trap link-status 
 isdn switch-type primary-net5 
 isdn overlap-receiving T302 1500 
 isdn incoming-voice modem 
 no cdp enable 
! 
interface Virtual-Template1 
 ip unnumbered Loopback0 
 no peer default ip address 
 ppp authentication chap 
! 
interface Group-Async0 
 no ip address 
 encapsulation slip 
 async mode interactive 
 group-range 1/00 1/70 

dialer dnis group Krone 
 number yyyyyyyy 
 call-type cas speech 
! 
dialer dnis group Krone-isdn 
 number zzzzzzzz 
 call-type cas digital 
! 
dialer-list 1 protocol ip permit 

x25 route ^990101803.* hunt-group FEP xot-keepalive-period 5 
xot-keepalive-tries 3 
! 
privilege exec level 0 pad 
privilege exec level 0 telnet 
privilege exec level 1 enable 

line vty 0 4 
 access-class 1 in 
 logging synchronous level all 
 login authentication TAC-CET 
 transport preferred none 
 transport input ssh 
 transport output pad telnet 
 escape-character 3 
line vty 5 7 
 autocommand  pad 990101803 /cud ABRK /profile krone /quiet 
 transport input v120 lapb-ta 
 transport output pad 

line 1/44 
 session-timeout 1 
 no flush-at-activation 
 authorization exec EMPTY 
 login authentication EMPTY 
 no modem callout 
 modem Dialin 
 modem autoconfigure type krone 
 autocommand  pad 990101803 /cud ABRK /profile krone /quiet 
 transport preferred pad 
 transport input all 
 transport output pad 
 escape-character NONE 

line 1/58 
 session-timeout 1 
 location libre 
 no flush-at-activation 
 authorization exec EMPTY 
 login authentication EMPTY 
 no modem callout 
 modem Dialin 
 modem autoconfigure type V120 
 autocommand  pad 990101803 /cud ABRK /profile krone /quiet 
 transport preferred none 
 transport input v120 lapb-ta 
 transport output all 
 escape-character NONE 
end 
=======================================================================
This electronic message is not binding on its sender nor on Cetrel S.A.
Any use of information of this mail except the use by the addressee
within his or her business relation with Cetrel is strictly forbidden
CETREL S.A. L-2956 Luxembourg; Tel: 00352 35566-1; http://www.cetrel.lu
=======================================================================
 


_______________________________________________
cisco-nas mailing list
cisco-nas at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-nas/attachments/20090513/6a544fd5/attachment-0001.html>

More information about the cisco-nas mailing list