<br><font size=2 face="sans-serif">Thanks Aaron.....yes we've since got
it to work.....we've written our own TACACS and that's where the problem
was (which I assumed but needed to be sure my 5350 config was fine).....however,
I wasn't aware of the 'if needed' scenario...that could make things better
for us.</font>
<br>
<br><font size=2 face="sans-serif">.......as always, I appreciate your
help.....thx............Jamie</font>
<br>
<br>
<br><font size=2 face="sans-serif">James Savage
York University <br>
Senior Communications Tech. 108 Steacie Building<br>
jsavage@yorku.ca
4700 Keele Street<br>
ph: 416-736-2100 ext. 22605 Toronto,
Ontario<br>
fax: 416-736-5701
M3J 1P3, CANADA
</font>
<br>
<br>
<br>
<table width=100%>
<tr valign=top>
<td width=40%><font size=1 face="sans-serif"><b>Aaron Leonard <Aaron@cisco.com></b>
</font>
<p><font size=1 face="sans-serif">06/22/2006 11:21 AM</font>
<td width=59%>
<table width=100%>
<tr valign=top>
<td>
<div align=right><font size=1 face="sans-serif">To</font></div>
<td><font size=1 face="sans-serif">Jamie Savage <jsavage@yorku.ca></font>
<tr valign=top>
<td>
<div align=right><font size=1 face="sans-serif">cc</font></div>
<td><font size=1 face="sans-serif">cisco-nas@puck.nether.net</font>
<tr valign=top>
<td>
<div align=right><font size=1 face="sans-serif">Subject</font></div>
<td><font size=1 face="sans-serif">Re: [cisco-nas] concurrent support for
dial-up scripts and CHAP?</font></table>
<br>
<table>
<tr valign=top>
<td>
<td></table>
<br></table>
<br>
<br>
<br><tt><font size=2>Jamie,<br>
<br>
Yes you can support users dialing in and authenticating either in <br>
character mode (dialup script) or via PPP (CHAP or PAP). Here's the
<br>
idea ...<br>
<br>
aaa authentication login default group tacacs ! for character mode logins<br>
aaa authentication ppp default group tacacs if-needed ! [1]<br>
int group-async1<br>
encapsulation ppp<br>
async mode interactive<br>
<br>
line 1/0 1/59<br>
autoselect ppp<br>
autoselect during-login<br>
<br>
[1] if-needed means that authentication in PPP is skipped if the call <br>
has already done character mode authentication<br>
<br>
Aaron<br>
<br>
---<br>
<br>
><br>
> Hi,<br>
> In light of the current problem with the latest Microsoft
updates <br>
> breaking dial-up scripts, we're looking into moving to CHAP for TACACS
<br>
> authentication. I'm trying to see if we can support both methods
but <br>
> I've not had much luck thus far. Is it possible to config my
5350 to <br>
> allow users to connect and authenticate using a script or CHAP?
If <br>
> so, is there more to config'ing the 5350 than adding 'ppp <br>
> authentication chap' to my Group-async0 interface and 'autoselect
ppp <br>
> and 'autoselect during-login' on my lines?<br>
><br>
> .............thanks in advance.........Jamie<br>
><br>
><br>
> James Savage
York University
<br>
> Senior Communications Tech. 108 Steacie Building<br>
> jsavage@yorku.ca
4700 Keele Street<br>
> ph: 416-736-2100 ext. 22605 Toronto,
Ontario<br>
> fax: 416-736-5701
M3J 1P3,
CANADA<br>
> ------------------------------------------------------------------------<br>
><br>
> _______________________________________________<br>
> cisco-nas mailing list<br>
> cisco-nas@puck.nether.net<br>
> https://puck.nether.net/mailman/listinfo/cisco-nas<br>
> <br>
<br>
</font></tt>
<br>