02-19-2008 04:07 AM - edited 03-10-2019 03:39 PM
Hi,
I've put AAA config on a load of routers but now it seems that ISDN backup does not work properly. the interfaces come up but they won't properly authenticate with the ISP and get an IP address.
I suspect that AAA is blocking this in some way. how can i get around this?
Here's a config.
xx
!
version 12.3
service nagle
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
service pt-vty-logging
!
hostname Hxxxxxxxx
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
enable secret 5 $1xxxx.mjf.
!
username hxxxm password 7 07x5F56
memory-size iomem 15
clock timezone GMT 0
clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
aaa new-model
!
!
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
aaa session-id common
ip subnet-zero
no ip source-route
!
!
no ip domain lookup
!
ip cef
!
isdn switch-type basic-net3
!
!
!
interface ATM0/0
description connected to PSTN: 01xxxxxx591
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
hold-queue 224 in
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0/0
ip address 10.16.111.1 255.255.255.0
no ip proxy-arp
speed auto
hold-queue 100 out
!
interface BRI1/0
description connected to ISDN: 0xxxxxxx4
no ip address
encapsulation ppp
dialer pool-member 2
isdn switch-type basic-net3
no fair-queue
no cdp enable
!
interface Dialer0
ip address negotiated
encapsulation ppp
dialer pool 1
dialer idle-timeout 0
dialer persistent
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname soxxxl-xxnm@xxxxxt.co.uk
ppp chap password 7 1x3
ppp timeout idle 2147483
!
interface Dialer2
description backup-isdn
bandwidth 64
ip address negotiated
encapsulation ppp
dialer pool 2
dialer idle-timeout 60
dialer string 143xxxx2
dialer hold-queue 10
dialer load-threshold 200 either
dialer-group 1
no peer default ip address
no cdp enable
ppp authentication chap pap callin
ppp chap hostname soxxx1_hnm@vxxx.co.uk
ppp chap password 7 09xxxxxxF
ppp multilink
!
ip classless
ip route 0.0.0.0 0.0.0.0 80.xx.xx.xx
ip route 0.0.0.0 0.0.0.0 Dialer2 200
ip route 1.1.1.1 255.255.255.255 Dialer2
ip tacacs source-interface FastEthernet0/0
no ip http server
!
!
logging source-interface Dialer0
dialer-list 1 protocol ip permit
!
tacacs-server host 192.168.253.20
tacacs-server directed-request
tacacs-server key xxx
^C
!
line con 0
logging synchronous
line aux 0
line vty 0 4
exec-timeout 30 0
password 7 104
logging synchronous
!
02-25-2008 11:09 AM
Use this Diagnosing and Troubleshooting AAA Operations documents.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide