ISDN dialin

Unanswered Question
Mar 6th, 2007

How would I configure ISDN dialin for users on a 3640 Router?

We have a seperate server that does the auth so basically, the router must accept the connection, not auth it locally but send it on to the auth server to verify and send back to the user.

At the moment connections are working for analogue users but not ISDN users. I cannot get this working at all.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
bradlesliect Tue, 03/06/2007 - 22:25

If you can tell me which part of the config you want to see, I'll post it.

spremkumar Tue, 03/06/2007 - 22:28

Hi Brad

Can you post the config of the AAA part as well as the dialer part...


bradlesliect Tue, 03/06/2007 - 22:54


aaa group server radius dialin

server auth-port 1645 acct-port 1646


aaa authentication ppp default local

aaa authentication ppp RADIUS group dialin local

aaa session-id common


interface Serial1/1:15

description isdn-pri

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

encapsulation ppp

dialer pool-member 1

dialer pool-member 200

isdn switch-type primary-net5

isdn incoming-voice modem

isdn calling-number 1900

peer default ip address pool dialin

no cdp enable

ppp authentication pap chap callin


hope this helps....

This is the ASYNC interface for Analogue users.


interface Group-Async1

ip unnumbered FastEthernet0/0

no ip redirects

no ip unreachables

no ip proxy-arp

encapsulation ppp

no ip mroute-cache

load-interval 30

dialer in-band

dialer idle-timeout 0

async mode interactive

peer default ip address pool dialin

ppp authentication pap chap ms-chap RADIUS

group-range 97 114


dgahm Tue, 03/06/2007 - 22:08


A debug ppp authentication might give you some clues.

Are you sure it is the authentication that is broke? Have you tried configuring a local username and password?

Posting your configuration would be helpful.


bradlesliect Tue, 03/06/2007 - 22:45

Attached a debug aaa author. The router should be sending the auth request on to a router which sits on our network and then back to the router and back to the user.

Could this be a timeout problem?

spremkumar Tue, 03/06/2007 - 23:02

Hi Brad

In your AAA Config you have the below line mentioned in your config which i feel overtakes your Radius group config..

aaa authentication ppp default local ..

do remove this line from your config and check..

Also make sure once you remove the line you have the other line mentioning the radius group available in the config..

As far as the authentication for ASYNC is concern i can see the Radius mode of authentication mentioned under the same...

I feel thats the reason your ASYNC dialin users doesnt face any issues in getting authenticated..


bradlesliect Tue, 03/06/2007 - 23:15

We have dialers created for our client routers as isdn backup on this router as well as usernames for client routers. is that not the reason why we have that statement?

spremkumar Tue, 03/06/2007 - 23:27

Hi Brad

Did you try removing as per my previous post ?

Also can you post the config of the respective dialer configs configured for the customers..


bradlesliect Tue, 03/06/2007 - 23:44

did not remove ...are you sure it wont break the customer dial ups?


interface Dialer5

description customer-backup

ip address

no ip redirects

no ip unreachables

no ip proxy-arp

encapsulation ppp

no ip split-horizon

dialer pool 1

dialer remote-name

dialer idle-timeout 180

dialer-group 1

no cdp enable

ppp authentication pap

ppp chap refuse

ppp multilink bap

ppp multilink links maximum 2

ppp multilink links minimum 2

ppp multilink endpoint string customer-backup



username password


ip route Dialer5 240

spremkumar Tue, 03/06/2007 - 23:55

Hi Brad

If you want your remote cutsomers to get authenticated from your radius server then remove the AAA config line as well as the username /password configured in your router.

But do make sure that you have the username/password info available in your radius server so that they can get connected without any issues..

I would suggest to get the same tested with a simple test setup before implementing for a live customer.

Do create a dialer and configure it for a test dialin also create username/password credentials in the radius server for the test setup.

once you are done remove the AAA config line and try to connect to your 3640 router.

That will help you out to migrate the authentication for the customers from normal local database to Radius..


bradlesliect Wed, 03/07/2007 - 00:57

Step 1 - Create dialer

Step 2 - create username on radius server

Step 3 - remove AAA config line

What about the dialer created on the Client router? Does that stay as is?

If the above steps work then we have no need for dialers any longer ....right?

spremkumar Wed, 03/07/2007 - 04:03

Hi Brad

I did quote to do out a test setup with your own routers.

Do simulate a client config in your own test router and try connecting with that.

I have told to create new dialer for the test dial up to be done from the test router.



This Discussion