[c-nsp] PPP Authentication on Serial T1 Interface with PPP
Oliver Boehmer (oboehmer)
oboehmer at cisco.com
Tue Feb 5 23:13:56 EST 2008
Nick Voth <> wrote on Tuesday, February 05, 2008 11:14 PM:
> Hello folks,
>
> Sorry for hammering on the list again for help, but this is my first
> T1 done this way. We have a channelized DS3 coming in on a PA-MC-T3
> card on a 7206. We are getting LCP errors from the far end. I suspect
> it's because I haven't set up any PPP authentication on the 7206 end,
> BUT I don't know how to get past this.
>
> With "debug ppp auth" enabled I see:
>
> AAA/AUTHOR/LCP: Denied
>
> Here is the config of the individual T1 interface:
>
> interface Serial4/0/1:0
> description Titan Manufacturing
> ip address 10.0.0.5 255.255.255.252
> no ip redirects
> no ip unreachables
> no ip proxy-arp
> encapsulation ppp
> no cdp enable
>
> Is there a PPP command that will tell my end, (7206 with the DS3),
> that no authentication is necessary? The far end is a Kentrox T1
> router and we've never needed to configure a PPP username/password
> with those, when they are talking to each other on both sides of the
> T1.
I guess you have
aaa new-model
aaa authorization network default group {tacacs+|radius} ...
somewhere in your config? This triggers authorization (not
authentication) on your leased line. To "fix" this, just use
aaa authorization network NOAUTH none
int s4/0/1:0
ppp authorization NOAUTH
or use a non-default group on your other interface where you do want to
use authen/author.
oli
More information about the cisco-nsp
mailing list