Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Connection to AS5300 , no AAA

I have some problems and I need your help.

I have an AS5300 with AAA to RADIUS. For this DNIS the users dial 5387-2001, this is a resource to connect to internet, and I have other resource where users dial 5387-2020. This last number also has to connect to internet.

My question is how do I configure the AS5300 so that only those users who dial 5387-2020 do not need authentication?

This is my configuration.

version 12.1

no service single-slot-reload-enable

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname dialup1-mx

!

no logging console

aaa new-model

aaa authentication login default group radius

aaa authentication login no_radius enable

aaa authentication login no_consola enable

aaa authentication ppp default if-needed group radius

aaa dnis map enable

aaa dnis map 2001 authentication ppp group radius

aaa dnis map 2001 accounting network start-stop group radius

aaa dnis map 2010 authentication ppp group radius

aaa dnis map 2010 accounting network start-stop group radius

aaa dnis map 2020 authentication ppp group radius

aaa dnis map 2020 accounting network start-stop group radius

enable secret 5xxxxxxx

!

spe 1/0 1/9

firmware location flash:mica-modem-pw.2.7.3.0.bin

!

!

resource-pool enable

resource-pool call treatment resource busy

resource-pool call treatment profile no-answer

!

resource-pool group resource protel-inext

range port 1/0 1/20

!

resource-pool group resource clientes-internet

range port 1/21 1/100

!

resource-pool group resource cliente-ewi

range port 1/101 1/119

!

resource-pool profile vpdn vpdn-ewi

limit base-size all

limit overflow-size 0

vpdn group ewi-vpdn-group

!

resource-pool profile vpdn vpdn-inext

limit base-size all

limit overflow-size 0

vpdn group protel-vpdn-group

!

resource-pool profile customer protel-corporativo

limit base-size all

limit overflow-size 0

resource protel-inext speech service protel-service

dnis group vpdn-dnis-group

vpdn profile vpdn-inext

!

resource-pool profile customer internet-inext

limit base-size all

limit overflow-size 0

resource clientes-internet speech service internet-service

dnis group internet-dnis-group

!

resource-pool profile customer cliente-ewi

limit base-size all

limit overflow-size 0

resource cliente-ewi speech service ewi-service

dnis group vpdn-dnis-group-ewi

vpdn profile vpdn-ewi

!

resource-pool profile service protel-service

modem min-speed 9600 max-speed any

!

resource-pool profile service internet-service

modem min-speed 9600 max-speed any

!

resource-pool profile service ewi-service

modem min-speed 9600 max-speed any

!

clock timezone CST -6

clock summer-time CST recurring

clock calendar-valid

ip subnet-zero

ip domain-name redip.protel.net.mx

ip name-server 172.16.10.201

!

vpdn enable

vpdn source-ip xx.xx.135.220

!

vpdn-group ewi-vpdn-group-ewi

request-dialin

protocol l2tp

dnis vpdn-dnis-group-ewi

initiate-to ip x.x.189.28

local name dialup1-mx

!

vpdn-group protel-vpdn-group

request-dialin

protocol l2tp

dnis vpdn-dnis-group

initiate-to ip x.x.111.243

local name dialup1-mx

l2tp tunnel password xxxx

!

async-bootp dns-server x.x.136.1 200.52.138.230

mta receive maximum-recipients 0

!

controller E1 0

framing NO-CRC4

clock source line primary

line-termination 75-ohm

ds0-group 0 timeslots 1-15,17-31 type r2-digital r2-compelled

cas-custom 0

country telmex use-defaults

category 2

answer-signal group-b 1

description E1 via Telmex/Servicio Dialup/ Tel. 53 87 20 00

!

controller E1 1

framing NO-CRC4

clock source line secondary 1

line-termination 75-ohm

ds0-group 0 timeslots 1-15,17-31 type r2-digital r2-compelled

cas-custom 0

country telmex use-defaults

category 2

answer-signal group-b 1

description E1 via Telmex/Servicio Dialup/ Tel. 53 87 20 00

!

controller E1 2

framing NO-CRC4

clock source line secondary 2

line-termination 75-ohm

ds0-group 0 timeslots 1-15,17-31 type r2-digital r2-compelled

cas-custom 0

country telmex use-defaults

category 2

answer-signal group-b 1

description E1 via Telmex/Servicio Dialup/ Tel. 53 87 20 00

!

controller E1 3

framing NO-CRC4

clock source line secondary 3

line-termination 75-ohm

ds0-group 0 timeslots 1-15,17-31 type r2-digital r2-compelled

cas-custom 0

country telmex use-defaults

category 2

answer-signal group-b 1

description E1 via Telmex/Servicio Dialup/ Tel. 53 87 20 00

!

controller E1 4

framing NO-CRC4

clock source line secondary 4

line-termination 75-ohm

ds0-group 0 timeslots 1-15,17-31 type r2-digital r2-compelled

cas-custom 0

country telmex use-defaults

category 2

answer-signal group-b 1

description E1 via Telmex/Servicio Dialup/ Tel. 53 87 20 00

!

controller E1 5

framing NO-CRC4

clock source line secondary 5

line-termination 75-ohm

ds0-group 0 timeslots 1-15,17-31 type r2-digital r2-compelled

cas-custom 0

country telmex use-defaults

category 2

answer-signal group-b 1

description Ruta AXE pnetxp1 RP 108 EM 4

!

controller E1 6

shutdown

clock source line secondary 6

!

controller E1 7

framing NO-CRC4

clock source line secondary 7

line-termination 75-ohm

ds0-group 0 timeslots 1-15,17-31 type r2-digital r2-compelled

cas-custom 0

country telmex use-defaults

category 2

answer-signal group-b 1

description Enlace E1 via Apex /Servicio Internet/ Movil 01-800

!

!

!

!

!

interface Loopback0

no ip address

!

interface Ethernet0

no ip address

no ip route-cache

no ip mroute-cache

shutdown

no cdp enable

!

interface FastEthernet0

ip address x.x.x.220 255.255.255.192

no ip route-cache

no ip mroute-cache

duplex auto

speed auto

no cdp enable

!

interface Group-Async1

description Servicio VPDN

ip unnumbered FastEthernet0

encapsulation ppp

async default routing

async mode interactive

no snmp trap link-status

no cdp enable

ppp authentication chap

group-range 1 21

!

interface Group-Async2

ip unnumbered FastEthernet0

encapsulation ppp

async default routing

--More-- async mode interactive

no snmp trap link-status

peer default ip address pool default

no cdp enable

ppp authentication chap

group-range 22 101

!

interface Group-Async3

description Servicio VPDN-Cliente-EWI

ip unnumbered FastEthernet0

encapsulation ppp

async default routing

async mode interactive

no snmp trap link-status

no peer default ip address

no cdp enable

ppp authentication chap

group-range 102 120

!

router ospf 5

log-adjacency-changes

area 51 authentication message-digest

area 51 nssa

redistribute static subnets

network x.x.x.192 0.0.0.63 area 51

!

ip local pool default x.x.x.193 200.52.131.250

ip classless

ip route x.x.x.192 255.255.255.192 Null0

no ip http server

!

ip radius source-interface FastEthernet0

access-list 10 permit x.x.111.206

access-list 10 permit x.x.135.45

access-list 10 permit x.x.135.225

access-list 10 permit 172.16.10.4

access-list 10 permit 172.16.10.5

access-list 10 permit 172.16.10.15

access-list 10 permit 172.16.10.101

--More-- access-list 51 permit 65.125.189.28

access-list 51 deny any

access-list 71 deny any

access-list 72 permit x.x.143.99

access-list 72 deny any

access-list 101 deny 55 any any

access-list 101 deny 77 any any

access-list 101 deny pim any any

access-list 101 permit ip any any

!

Thanks

1 REPLY
New Member

Re: Connection to AS5300 , no AAA

I have some problems and I need your help.

I have an AS5300 with AAA to RADIUS. For this DNIS the users dial 5387-2001, this is a resource to connect to internet, and I have other resource where users dial 5387-2020. This last number also has to connect to internet.

My question is how do I configure the AS5300 so that only those users who dial 5387-2020 do not need authentication?

208
Views
0
Helpful
1
Replies