[nsp] BRI-PRI authentication via Radius

Mark Tinka mtinka at africaonline.co.sz
Sat Jul 10 15:28:29 EDT 2004


On Saturday 10 July 2004 15:55, Prit Patel wrote:

> Now, if I want to authenticate all the users in radius
> and I want to do billing for them then where I have to
> define uid & password so that when BRI dial to PRI it
> will authenticate in RADIUS.

This is the command you need on your NAS to allow for RADIUS authentication:

radius-server host x.x.x.1 auth-port 1812 acct-port 1813 timeout 2 key secret
radius-server host x.x.x.2 auth-port 1812 acct-port 1813 key secret

Generally, you only need one command, if you have one RADIUS server. But if 
you have 2 RADIUS servers (one for redundancy), then you can have both 
commands as shown above.

x.x.x.1 = your first RADIUS server IP
x.x.x.2 = your second RADIUS server IP

Port 1812 is the new RADIUS authentication port (old is 1645) and port 1813 is 
the new RADIUS accounting port (old is 1646).

The reason I've used the 'timeout 2' option on the first command is that 
sometimes, you will need to reduce the amount of time the client waits to get 
authenticated by the first RADIUS server. In my environment, a timeout of 2 
ensures if the first RADIUS server is available, I get authenticated before 
the timeout is met; and if it fails, it will comfortably fall back to the backup 
RADIUS server.

Of course, your situation may differ, based on the speed of your LAN/backbone, 
speed of your RADIUS server and speed of the hardware/OS your RADIUS server 
is running on, among other things.

If you only have one RADIUS server, then the 'timeout' option isn't necessary.

Hope this helps.

Mark.

> Below is the config of router of PRI and BRI.
>
>
> My existing config is
> ################################################
>
> AT PRI ROUTER
> ==============
> hostname pri-core01
>
> aaa authentication ppp default local
>
> username bri password bri
>
>
> interface Serial4/0:15
>  description ### PRI(51360333###
>  no ip address
>  encapsulation ppp
>  dialer pool-member 1
>  isdn switch-type primary-net5
>  isdn incoming-voice data
>  peer default ip address pool PRI
>  ppp authentication chap
>  ppp ipcp dns 203.187.192.12 203.187.192.15
>
> interface Dialer1
>  description ###From BRI ###
>  ip unnumbered FastEthernet1/0
>  encapsulation ppp
>  dialer pool 2
>  dialer remote-name bri
>  dialer-group 2
>  peer default ip address pool PRI
>  no cdp enable
>  ppp authentication chap pap
>  ppp multilink
>
> ip local pool PRI x.x.x.x    x.x.x.x
> dialer-list 1 protocol ip permit
>
>
> AT BRI
> ==================
> hostname bri
> username pri password bri
>
> interface BRI0
>  description ***BRI Link***
>  bandwidth 128
>  ip address negotiated
>  no ip directed-broadcast
>  encapsulation ppp
>  no ip mroute-cache
>  load-interval 30
>  dialer string XXXXXXXXXX
>  dialer-group 1
>  isdn switch-type basic-net3
>  no cdp enable
>  ppp authentication chap
>  ppp multilink
> dialer-list 1 protocol ip permit
>
>
> ##############################################


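The per-server timeout and fallback described in the reply above, as an added Python example (not part of the original post and not Cisco's implementation): a minimal RADIUS client that tries each server in order, uses the shared key to hide the PAP password per RFC 2865, and discards replies whose Response Authenticator does not verify. It makes a single attempt per server, while a NAS normally retransmits before moving on; the function names and the 192.0.2.x addresses are constructed for illustration.

```python
import hashlib, hmac, os, socket, struct

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        out += prev
    return out

def access_request(user: bytes, password: bytes, secret: bytes, ident: int) -> bytes:
    """Build an Access-Request (code 1) with User-Name (1) and User-Password (2)."""
    req_auth = os.urandom(16)  # fresh Request Authenticator for every request
    hidden = hide_password(password, secret, req_auth)
    attrs = b"".join(bytes([t, len(v) + 2]) + v for t, v in ((1, user), (2, hidden)))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs

def reply_is_authentic(reply: bytes, request: bytes, secret: bytes) -> bool:
    """Response Authenticator = MD5(code+id+length + RequestAuth + attrs + secret)."""
    if len(reply) < 20 or reply[1] != request[1]:
        return False
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])

def authenticate(servers, user: bytes, password: bytes, ident: int = 1):
    """servers: ordered (host, auth_port, timeout_s, secret) tuples, primary first.
    Returns (host, port, reply_code) from the first authentic reply, else None."""
    for host, port, timeout, secret in servers:
        request = access_request(user, password, secret, ident)
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            try:
                sock.sendto(request, (host, port))
                reply, _ = sock.recvfrom(4096)
            except OSError:  # timeout or unreachable: fall back to the next server
                continue
        if reply_is_authentic(reply, request, secret):
            return host, port, reply[0]  # 2 = Access-Accept, 3 = Access-Reject
    return None

if __name__ == "__main__":
    # Constructed sample values: documentation-range IPs standing in for x.x.x.1/x.x.x.2.
    servers = [("192.0.2.1", 1812, 2, b"secret"),
               ("192.0.2.2", 1812, 5, b"secret")]
    print(authenticate(servers, b"bri", b"bri"))
```

A reply that fails the authenticator check is treated as no answer at all, so a spoofed Access-Accept from a host that does not know the key is never returned as a result.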