[nsp] BRI-PRI authentication via Radius
Prit Patel
worknetworld at yahoo.co.in
Sun Jul 11 02:33:05 EDT 2004
Thanks Mark,
But what do I need to configure at the BRI side?
How can I send the username & password to my NAS?
Regards
Prit
--- Mark Tinka <mtinka at africaonline.co.sz> wrote:
> On Saturday 10 July 2004 15:55, Prit Patel wrote:
>
> > Now, if I want to authenticate all the users in RADIUS
> > and I want to do billing for them, then where do I have to
> > define the uid & password so that when the BRI dials to the PRI
> > it will authenticate in RADIUS?
>
> This is the command you need on your NAS to allow for RADIUS authentication:
>
> radius-server host x.x.x.1 auth-port 1812 acct-port 1813 timeout 2 key secret
> radius-server host x.x.x.2 auth-port 1812 acct-port 1813 key secret
>
> Generally, you only need one command, if you have one RADIUS server. But if
> you have 2 RADIUS servers (one for redundancy), then you can have both
> commands as shown above.
>
> x.x.x.1 = your first RADIUS server IP
> x.x.x.2 = your second RADIUS server IP
>
> Port 1812 is the new RADIUS authentication port (old is 1645) and port 1813 is
> the new RADIUS accounting port (old is 1646).
>
> The reason I've used the 'timeout 2' option on the first command is that
> sometimes you will need to reduce the amount of time the client waits to get
> authenticated by the first RADIUS server. In my environment, a timeout of 2
> ensures that if the first RADIUS server is available, I get authenticated before
> the timeout is met; and if it fails, it will comfortably fall back to the backup
> RADIUS server.
>
> Of course, your situation may differ, based on the speed of your LAN/backbone,
> the speed of your RADIUS server and the speed of the hardware/OS your RADIUS
> server is running on, among other things.
>
> If you only have one RADIUS server, then the 'timeout' option isn't necessary.
>
> Hope this helps.
>
> Mark.
>
> > Below is the config of router of PRI and BRI.
> >
> >
> > My existing config is
> > ################################################
> >
> > AT PRI ROUTER
> > ==============
> > hostname pri-core01
> >
> > aaa authentication ppp default local
> >
> > username bri password bri
> >
> >
> > interface Serial4/0:15
> > description ### PRI(51360333###
> > no ip address
> > encapsulation ppp
> > dialer pool-member 1
> > isdn switch-type primary-net5
> > isdn incoming-voice data
> > peer default ip address pool PRI
> > ppp authentication chap
> > ppp ipcp dns 203.187.192.12 203.187.192.15
> >
> > interface Dialer1
> > description ###From BRI ###
> > ip unnumbered FastEthernet1/0
> > encapsulation ppp
> > dialer pool 2
> > dialer remote-name bri
> > dialer-group 2
> > peer default ip address pool PRI
> > no cdp enable
> > ppp authentication chap pap
> > ppp multilink
> >
> > ip local pool PRI x.x.x.x x.x.x.x
> > dialer-list 1 protocol ip permit
> >
> >
> > AT BRI
> > ==================
> > hostname bri
> > username pri password bri
> >
> > interface BRI0
> > description ***BRI Link***
> > bandwidth 128
> > ip address negotiated
> > no ip directed-broadcast
> > encapsulation ppp
> > no ip mroute-cache
> > load-interval 30
> > dialer string XXXXXXXXXX
> > dialer-group 1
> > isdn switch-type basic-net3
> > no cdp enable
> > ppp authentication chap
> > ppp multilink
> > dialer-list 1 protocol ip permit
> >
> >
> > ##############################################
> >
> > ________________________________________________________________________
> > Yahoo! India Careers: Over 50,000 jobs online
> > Go to: http://yahoo.naukri.com/
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
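
Added example, not part of the original thread or either poster's configuration: a Cisco IOS sketch that puts the posted `aaa authentication ppp default local` line beside a RADIUS-backed method list, with accounting for billing and the CHAP credentials on the dialing side. Assumptions: EXAMPLE-USER and EXAMPLE-PASSWORD are placeholders for an account defined on the RADIUS server, and x.x.x.1, x.x.x.2 and the key `secret` are the placeholders used in the quoted reply.

```cisco
! ----- PRI router (the NAS), added example -----
! AAA is already enabled if the existing "aaa authentication ppp" line is accepted
aaa new-model
!
! Before (posted config): only the local "username bri password bri" entry is checked
!   aaa authentication ppp default local
!
! After: the RADIUS servers are asked first; the local user database is used
! only when no RADIUS server answers, not when RADIUS rejects the user
aaa authentication ppp default group radius local
!
! Start and stop records for each PPP session, the raw data for billing
aaa accounting network default start-stop group radius
!
! Server definitions as given in the quoted reply; the key must match the
! shared secret configured for this NAS on each RADIUS server
radius-server host x.x.x.1 auth-port 1812 acct-port 1813 timeout 2 key secret
radius-server host x.x.x.2 auth-port 1812 acct-port 1813 key secret
!
! ----- BRI router (the dialing client), added example -----
! The client needs no RADIUS commands. It answers the CHAP challenge from the
! NAS with the name and password below, and the NAS relays that answer to RADIUS.
interface BRI0
 ppp chap hostname EXAMPLE-USER
 ppp chap password EXAMPLE-PASSWORD
```

Keeping `local` as the second method leaves the existing `username bri` entry usable when both RADIUS servers are unreachable; the interfaces that already carry `ppp authentication chap` pick up the new default list without further change.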