AAA stopping ISDN backup

Unanswered Question
Feb 19th, 2008
User Badges:

Hi,


I've put AAA config on a load of routers but now it seems that ISDN backup does not work properly. the interfaces come up but they won't properly authenticate with the ISP and get an IP address.


I suspect that AAA is blocking this in some way. how can i get around this?


Here's a config.


xx

!

version 12.3

service nagle

no service pad

service timestamps debug datetime msec localtime

service timestamps log datetime msec localtime

service password-encryption

service pt-vty-logging

!

hostname Hxxxxxxxx

!

boot-start-marker

boot-end-marker

!

logging buffered 51200 debugging

enable secret 5 $1xxxx.mjf.

!

username hxxxm password 7 07x5F56

memory-size iomem 15

clock timezone GMT 0

clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 2:00

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

aaa new-model

!

!

aaa authentication login default group tacacs+ local

aaa authentication enable default group tacacs+ enable

aaa authorization exec default group tacacs+ local

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting connection default start-stop group tacacs+

aaa accounting system default start-stop group tacacs+

aaa session-id common

ip subnet-zero

no ip source-route

!

!

no ip domain lookup

!

ip cef

!

isdn switch-type basic-net3

!

!

!

interface ATM0/0

description connected to PSTN: 01xxxxxx591

no ip address

no atm ilmi-keepalive

dsl operating-mode auto

hold-queue 224 in

pvc 0/38

encapsulation aal5mux ppp dialer

dialer pool-member 1

!

!

interface FastEthernet0/0

ip address 10.16.111.1 255.255.255.0

no ip proxy-arp

speed auto

hold-queue 100 out

!

interface BRI1/0

description connected to ISDN: 0xxxxxxx4

no ip address

encapsulation ppp

dialer pool-member 2

isdn switch-type basic-net3

no fair-queue

no cdp enable

!

interface Dialer0

ip address negotiated

encapsulation ppp

dialer pool 1

dialer idle-timeout 0

dialer persistent

dialer-group 1

no cdp enable

ppp authentication chap callin

ppp chap hostname [email protected]

ppp chap password 7 1x3

ppp timeout idle 2147483

!

interface Dialer2

description backup-isdn

bandwidth 64

ip address negotiated

encapsulation ppp

dialer pool 2

dialer idle-timeout 60

dialer string 143xxxx2

dialer hold-queue 10

dialer load-threshold 200 either

dialer-group 1

no peer default ip address

no cdp enable

ppp authentication chap pap callin

ppp chap hostname [email protected]

ppp chap password 7 09xxxxxxF

ppp multilink

!

ip classless

ip route 0.0.0.0 0.0.0.0 80.xx.xx.xx

ip route 0.0.0.0 0.0.0.0 Dialer2 200

ip route 1.1.1.1 255.255.255.255 Dialer2

ip tacacs source-interface FastEthernet0/0

no ip http server

!

!

logging source-interface Dialer0


dialer-list 1 protocol ip permit

!

tacacs-server host 192.168.253.20

tacacs-server directed-request

tacacs-server key xxx




^C

!

line con 0

logging synchronous

line aux 0

line vty 0 4

exec-timeout 30 0

password 7 104

logging synchronous

!


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion