01-13-2009 11:38 AM
Router is 2600 with 12.3 IOS
I can't get my PPP sessions that are dialing in to use the defined radius server. Sessions connect, but don't authenticate. All this will be used for is emergency dialin.
What am I missing here?
doing a sho radius stats shows zero packets being exchanged between radius server and router.
thanks
----
aaa new-model
!
!
aaa group server radius radservers
server 192.168.99.49 auth-port 1645 acct-port 1646
!
aaa authentication login no_radius local enable
aaa authentication ppp default group radius group radservers
aaa authorization network default if-authenticated group radservers
aaa session-id common
ip subnet-zero
ip cef
!
!
ip domain name xxx.xxx.com
ip name-server 192.168.99.75
ip name-server 10.122.20.10
!
async-bootp dns-server 192.168.99.75 10.122.20.10
async-bootp nbns-server 192.168.99.49 10.192.20.10
!
!
!
!
interface Loopback0
ip address 192.168.98.1 255.255.255.0
!
interface Ethernet0/0
ip address 192.168.99.12 255.255.255.0
half-duplex
!
interface Group-Async1
ip unnumbered Loopback0
encapsulation ppp
no ip route-cache cef
no ip route-cache
ip tcp header-compression passive
dialer in-band
dialer idle-timeout 600
dialer-group 1
async mode interactive
peer default ip address pool pool0
ppp authentication pap
!
ip local pool pool0 192.168.98.2 192.168.98.100
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.99.1
!
!
ip radius source-interface Ethernet0/0
logging trap debugging
logging 192.168.99.15
access-list 66 deny any
access-list 101 deny udp any any eq netbios-ns
access-list 101 deny udp any any eq netbios-dgm
access-list 101 permit ip any any
dialer-list 1 protocol ip list 101
snmp-server enable traps tty
radius-server timeout 1
radius-server key changeme
!
line con 0
logging synchronous
line 33 40
modem Dialin
modem autoconfigure discovery
transport input all
autoselect during-login
autoselect ppp
01-13-2009 02:24 PM
updated config
fyi, if I have Winxp do a "pop-up" window after modem connects, I don't get ppp characters, but am prompted for username..
This makes no sense since I am forcing the connection to PPP in the Async group.
------------------
aaa new-model
!
!
aaa group server radius radservers
server 192.168.99.49 auth-port 1645 acct-port 1646
!
aaa authentication login no_radius enable
aaa authentication ppp dialins group radius group radservers
aaa authorization network default if-authenticated group radservers
aaa session-id common
ip subnet-zero
ip cef
!
!
ip domain name bigdomain.com
ip name-server 192.168.99.75
ip name-server 10.122.20.10
!
async-bootp dns-server 192.168.99.75 10.122.20.10
async-bootp nbns-server 192.168.99.49 10.192.20.10
!
!
!
!
interface Loopback0
ip address 192.168.98.1 255.255.255.0
!
interface Ethernet0/0
ip address 192.168.99.12 255.255.255.0
half-duplex
!
interface Group-Async1
ip unnumbered Loopback0
encapsulation ppp
no ip route-cache cef
no ip route-cache
ip tcp header-compression passive
dialer in-band
dialer idle-timeout 600
dialer-group 1
async mode dedicated
peer default ip address pool pool0
ppp authentication pap chap ms-chap ms-chap-v2 callin dialins
!
ip local pool pool0 192.168.98.2 192.168.98.100
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.99.1
!
!
ip radius source-interface Ethernet0/0
logging trap debugging
logging 192.168.99.15
access-list 66 deny any
access-list 101 deny udp any any eq netbios-ns
access-list 101 deny udp any any eq netbios-dgm
access-list 101 permit ip any any
dialer-list 1 protocol ip list 101
snmp-server enable traps tty
radius-server timeout 30
radius-server key cisco
!
line con 0
logging synchronous
line 33 40
modem Dialin
modem autoconfigure discovery
transport input all
autoselect during-login
autoselect ppp
line aux 0
line vty 0 4
exec-timeout 0 0
password cisco
login authentication no_radius
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide