Solved: ISDN Router config check, please comment.

ddnicholls · ‎05-14-2003

I've had a couple of goes at getting this config correct and am running out of chances. Before I test this in the real world, I'd appreciate it if someone could tell me whether this looks as though it will work.

It is an ISDN hub router simply receiving calls from ISDN spoke routers and passing on the authentication to a Radius server. I am interested in any suggestions, but especially whether the dialer/serial int config is correct.

Thanks,

Dean.

version 12.1

no service single-slot-reload-enable

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname mel04

!

logging rate-limit console 10 except errors

aaa new-model

aaa authentication login default group radius

aaa authentication login NO_RADIUS local

aaa authentication ppp default group radius

aaa authorization exec default group radius

aaa authorization exec NO_RADIUS local

aaa authorization network default local group radius

aaa accounting send stop-record authentication failure

aaa accounting exec default start-stop group radius

aaa accounting network default start-stop group radius

enable password 7 045E1B570C345E4B

!

username root password 7 151C0E07102B39

ip subnet-zero

!

no ip finger

no ip domain-lookup

ip name-server 202.81.96.82

!

isdn switch-type primary-net5

!

controller E1 1/0

pri-group timeslots 1-31

!

interface Ethernet0/0

description Connected to HP Switch on mel04 VLAN

ip address 202.81.105.66 255.255.255.252

full-duplex

!

interface Ethernet0/1

no ip address

shutdown

half-duplex

!

interface Serial1/0:15

no ip address

dialer rotary-group 1

isdn switch-type primary-net5

isdn T310 30000

no cdp enable

!

interface Dialer0

no ip address

no cdp enable

!

interface Dialer1

description connected to dial in PCs(ISDN)

no ip address

encapsulation ppp

no ip split-horizon

dialer in-band

dialer-group 1

peer default ip address pool mel04-Group-1

ppp authentication chap pap callin

ppp multilink

!

ip local pool mel04-Group-1 203.81.106.1 203.81.106.30

ip classless

ip default-network 202.81.105.0

ip route 0.0.0.0 0.0.0.0 202.81.105.65

ip http server

!

snmp-server community public RO

snmp-server location Richmond

radius-server host 202.81.96.93 auth-port 1645 acct-port 1646 key 7 050C051B285F

5E

radius-server retransmit 3

!

line con 0

exec-timeout 0 0

password 7 11071C0E031319

transport input none

line aux 0

line vty 0 4

password 7 06080A2A584F1B

authorization exec NO_RADIUS

login authentication NO_RADIUS

!

no scheduler allocate

end

mel04#

mark-obrien · ‎05-14-2003

You need to assign an IP address to the Dialer 1 interface. Also, make sure other routers on your network know how to reach the addresses in your pool, mel04-Group-1.

Mark

View solution in original post

jasyoung · ‎05-14-2003

Some notes:

You should have an IP address on the Dialer1 interface. Setting it to "ip unnumbered Ethernet0/0" is acceptable as well.

Consider setting 'ppp multilink bap' to support dynamically adding and removing a second channel for clients that support BAP.

You probably need something like "dialer-list 1 protocol ip permit" or "dialer-list 1 protocol ip list [an access list]" in order to pass any IP traffic on that interface.

If it doesn't work after changing the above, we'll need to know exactly what happens when you try. Include the output of "debug aaa authentication", "debug aaa authorization", and "debug ppp negotiation".

ddnicholls · ‎05-14-2003

Thanks very much guys, much appreciated, will let you know how it goes.

Dean

mark-obrien · ‎05-14-2003

You need to assign an IP address to the Dialer 1 interface. Also, make sure other routers on your network know how to reach the addresses in your pool, mel04-Group-1.

Mark