[c-nsp] PPPoE and PPtP Problems

Arie Vayner (avayner) avayner at cisco.com
Mon Jul 21 13:24:43 EDT 2014


Francisco,

Create a new AAA authentication profile (instead of default, use a custom name) and set it to local authentication. Apply that on the virtual-template you use for PPTP.

Arie

-----Original Message-----
From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Francisco Lopez Posadas
Sent: Monday, July 21, 2014 08:34
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] PPPoE and PPtP Problems

Hello, my debut with a question and see if you can help me. 

I currently have a Cisco 7206VXR where I have a Radius server configured for PPPoE. 

The problem is that I also used for PPTP and that's what I do not. 

I would like to access through PPTP out under local authentication only, not the radius. 

I have ver 12.4-24-T2 advance enterprise. 

I copied the current config in case I see something strange:

 

upgrade fpd auto
version 12.4
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname xxxxxxxxx
!
boot-start-marker
boot system disk2:c7200-adventerprisek9-mz.124-24.T2.bin
boot-end-marker
!
logging message-counter syslog
logging snmp-authfail
logging queue-limit 100
enable secret 5 *************************
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication ppp default group radius
aaa authorization exec default local
aaa authorization network default group radius
aaa accounting delay-start
aaa accounting update periodic 3
aaa accounting exec default
 action-type start-stop
 group radius
!
aaa accounting network default
 action-type start-stop
 group radius
!
aaa accounting network vpdn
 action-type start-stop
 group radius
!
!
aaa nas port extended
aaa server radius dynamic-author
 server-key 7 *****************
 auth-type any
!
aaa session-id common
ip source-route
ip cef
!
!
!
multilink bundle-name authenticated
vpdn enable
!
vpdn-group 1
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
 force-local-chap
!
!
!
bba-group pppoe global
 virtual-template 2
!
!
interface Loopback0
 no ip address
!
!
interface Virtual-Template1
 ip unnumbered GigabitEthernet0/1
 ip virtual-reassembly
 peer default ip address pool vpn-pptp
 no keepalive
 ppp encrypt mppe 128
 ppp authentication ms-chap pap chap ms-chap-v2
!
interface Virtual-Template2
 mtu 1492
 ip unnumbered GigabitEthernet0/1.xxx
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no snmp trap link-status
 peer default ip address dhcp-pool pruebas
 keepalive 4
 ppp authentication chap pap
 ppp ipcp route default
 ppp multilink
!
ip local pool vpn-pptp 10.13.0.9 10.13.0.14
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 xxxxxxxxxxx
no ip http server
no ip http secure-server
!
!
radius-server host xxx.xxx.xxx.xxx auth-port 1812 acct-port 1813
radius-server timeout 3
radius-server key 7 ****************
radius-server vsa send accounting
radius-server vsa send authentication
!
control-plane
!
!
!
!
!
!
!
gatekeeper
 shutdown
!
!
line con 0
 password 7 ****************************
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 password 7 ****************************
 transport input ssh
!
End

 

Thanks in advance

 

 

 

 

 

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
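
The suggestion in the reply, written out as IOS configuration against the posted config. This is an added example, not configuration from either poster: the list name PPTP-LOCAL, the username and the password are placeholders, and the authorization list is an assumption added because the posted config also sends "aaa authorization network default" to RADIUS.

```cisco
! Named PPP method list that checks only the router's local user database.
! PPTP-LOCAL is a placeholder name. The posted default list (group radius)
! is left untouched and keeps serving PPPoE on Virtual-Template2.
aaa authentication ppp PPTP-LOCAL local
!
! Assumption beyond the reply: the posted config also has
! "aaa authorization network default group radius", so a local
! network authorization list is defined for the PPTP template as well.
aaa authorization network PPTP-LOCAL local
!
! Local account for a PPTP user (placeholder name and password).
! CHAP and MS-CHAP need a reversible password on the router, so this
! uses "password" rather than "secret".
username pptp-user1 password <choose-a-password>
!
interface Virtual-Template1
 ! Same protocol order as the posted config, now bound to the named list
 ! instead of falling through to the default (RADIUS) list.
 ppp authentication ms-chap pap chap ms-chap-v2 PPTP-LOCAL
 ppp authorization PPTP-LOCAL
```

After a test PPTP login, "debug ppp authentication" and "debug aaa authentication" show which method list handled the session.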


