[c-nsp] PPP Authentication on Serial T1 Interface with PPP
Nick Voth
nvoth at estreet.com
Wed Feb 6 00:24:29 EST 2008
> From: "Oliver Boehmer (oboehmer)" <oboehmer at cisco.com>
> Date: Wed, 6 Feb 2008 05:13:56 +0100
> To: Nick Voth <nvoth at estreet.com>, <cisco-nsp at puck.nether.net>
> Conversation: [c-nsp] PPP Authentication on Serial T1 Interface with PPP
> Subject: RE: [c-nsp] PPP Authentication on Serial T1 Interface with PPP
>
> Nick Voth <> wrote on Tuesday, February 05, 2008 11:14 PM:
>
>> Hello folks,
>>
>> Sorry for hammering on the list again for help, but this is my first
>> T1 done this way. We have a channelized DS3 coming in on a PA-MC-T3
>> card on a 7206. We are getting LCP errors from the far end. I suspect
>> it's because I haven't set up any PPP authentication on the 7206 end,
>> BUT I don't know how to get past this.
>>
>> With "debug ppp auth" enabled I see:
>>
>> AAA/AUTHOR/LCP: Denied
>>
>> Here is the config of the individual T1 interface:
>>
>> interface Serial4/0/1:0
>> description Titan Manufacturing
>> ip address 10.0.0.5 255.255.255.252
>> no ip redirects
>> no ip unreachables
>> no ip proxy-arp
>> encapsulation ppp
>> no cdp enable
>>
>> Is there a PPP command that will tell my end, (7206 with the DS3),
>> that no authentication is necessary? The far end is a Kentrox T1
>> router and we've never needed to configure a PPP username/password
>> with those, when they are talking to each other on both sides of the
>> T1.
>
> I guess you have
>
> aaa new-model
> aaa authorization network default group {tacacs+|radius} ...
>
> somewhere in your config? This triggers authorization (not
> authentication) on your leased line. To "fix" this, just use
>
> aaa authorization network NOAUTH none
> int s4/0/1:0
> ppp authorization NOAUTH
>
> or use a non-default group on your other interface where you do want to
> use authen/author.
>
> oli
Oliver,
Thanks very much. That definitely did the trick!
-Nick Voth
More information about the cisco-nsp
mailing list