New Member

2511 Dialup configuration advice

Hi,

We currently employ a 2511 Cisco router to cater for our dialup users. I have recently been given the task to look after it. I want to make some changes and will need some configuration tips. Currently we have to set up DNS and WINS information on each dialup client.

I want to totally change all this. I want my router to be a DHCP server and users who log in to get authenticated using a RADIUS server. So it's going to be like this: when a user dials in, he is automatically assigned an IP address, DNS, WINS and gateway. Then he gets authenticated on the RADIUS server, then logged in. I want his IP range to be 10.1.86.1 to 10.1.86.16. My DNS will be 10.1.85.156 and WINS will be 10.1.85.159.

Currently this is the configuration on my router and was done by someone not working here anymore. Unfortunately it was not well documented:

SuvaDialUpRouter01#sho conf

Using 8825 out of 32762 bytes

!

version 11.2

no service udp-small-servers

no service tcp-small-servers

!

hostname SuvaDialUpRouter01

!

aaa new-model

aaa authentication local-override

aaa authentication login use-radius radius local

aaa authentication ppp use-radius if-needed radius local

aaa authorization exec radius local if-authenticated

aaa authorization network radius local if-authenticated

enable secret 5 $1$6jak$0rKVDj1H51I12s/IqwKjA/

!

no ip source-route

ip domain-list itc.gov.fj

ip domain-list govnet.gov.fj

ip domain-list itc

ip domain-list govnet

ip host dupc01 10.1.86.1

ip host dupc02 10.1.86.2

ip host dupc03 10.1.86.3

ip host dupc04 10.1.86.4

ip host dupc05 10.1.86.5

ip host dupc06 10.1.86.6

ip host dupc07 10.1.86.7

ip host dupc08 10.1.86.8

ip host dupc09 10.1.86.9

ip host dupc10 10.1.86.10

ip host dupc11 10.1.86.11

ip host dupc12 10.1.86.12

ip host dupc13 10.1.86.13

ip host dupc14 10.1.86.14

ip host dupc15 10.1.86.15

ip host dupc16 10.1.86.16

ip domain-name itc.gov.fj

ip name-server 10.1.85.156

ip name-server 10.1.85.158

ip address-pool local

chat-script cisco-default ABORT ERROR "" "AT Z" OK "ATDT \T" TIMEOUT 30 \c CONNc

!

interface Ethernet0

ip address 10.1.85.2 255.255.255.0

ip broadcast-address 10.1.85.255

no ip mroute-cache

no ip route-cache

!

interface Virtual-Template18

no ip address

no ip mroute-cache

no cdp enable

!

interface Serial0

no ip address

no ip mroute-cache

no ip route-cache

no keepalive

shutdown

no fair-queue

!

interface Serial1

no ip address

no ip mroute-cache

no ip route-cache

no keepalive

shutdown

no fair-queue

!

interface Async1

description 309-220

ip unnumbered Ethernet0

no ip mroute-cache

encapsulation ppp

no ip route-cache

keepalive 10

async dynamic address

async mode interactive

peer default ip address 10.1.86.1

no cdp enable

ppp reliable-link

ppp authentication chap use-radius

!

interface Async2

description 309-428

ip unnumbered Ethernet0

no ip mroute-cache

encapsulation ppp

no ip route-cache

keepalive 10

async dynamic address

async mode interactive

peer default ip address 10.1.86.2

no cdp enable

ppp reliable-link

ppp authentication chap use-radius

!

interface Async3

description 309-221

ip unnumbered Ethernet0

no ip mroute-cache

encapsulation ppp

no ip route-cache

keepalive 10

async dynamic address

async mode interactive

peer default ip address 10.1.86.3

no cdp enable

ppp reliable-link

ppp authentication chap use-radius

!

interface Async4

description 308-070

ip unnumbered Ethernet0

no ip mroute-cache

encapsulation ppp

no ip route-cache

keepalive 10

async dynamic address

async mode interactive

peer default ip address 10.1.86.4

no cdp enable

ppp reliable-link

ppp authentication chap use-radius

!

interface Async5

description 302-166

ip unnumbered Ethernet0

no ip mroute-cache

encapsulation ppp

no ip route-cache

keepalive 10

async dynamic address

async mode interactive

peer default ip address 10.1.86.5

no cdp enable

ppp reliable-link

ppp authentication chap use-radius

!

interface Async6

description 308-575

ip unnumbered Ethernet0

no ip mroute-cache

encapsulation ppp

no ip route-cache

keepalive 10

async dynamic address

async mode interactive

peer default ip address 10.1.86.6

no cdp enable

ppp reliable-link

ppp authentication chap use-radius

!

interface Async7

description 308-633

ip unnumbered Ethernet0

no ip mroute-cache

encapsulation ppp

no ip route-cache

keepalive 10

async dynamic address

async mode interactive

peer default ip address 10.1.86.7

no cdp enable

ppp reliable-link

ppp authentication chap use-radius

!

interface Async8

description 305-251

ip unnumbered Ethernet0

no ip mroute-cache

encapsulation ppp

no ip route-cache

keepalive 10

async dynamic address

async mode interactive

peer default ip address 10.1.86.8

no cdp enable

ppp reliable-link

ppp authentication chap use-radius

!

interface Async9

description 308-509

ip unnumbered Ethernet0

no ip mroute-cache

encapsulation ppp

no ip route-cache

keepalive 10

async dynamic address

async mode interactive

peer default ip address 10.1.86.9

no cdp enable

ppp reliable-link

ppp authentication chap use-radius

!

interface Async10

description 305-151

ip unnumbered Ethernet0

no ip mroute-cache

encapsulation ppp

no ip route-cache

keepalive 10

async dynamic address

async mode interactive

peer default ip address 10.1.86.10

no cdp enable

ppp reliable-link

ppp authentication chap use-radius

!

interface Async11

description 308-701

ip unnumbered Ethernet0

no ip mroute-cache

encapsulation ppp

no ip route-cache

keepalive 10

async dynamic address

async mode interactive

peer default ip address 10.1.86.11

no cdp enable

ppp reliable-link

ppp authentication chap use-radius

!

interface Async12

description 308-193

ip unnumbered Ethernet0

no ip mroute-cache

encapsulation ppp

no ip route-cache

keepalive 10

async dynamic address

async mode interactive

peer default ip address 10.1.86.12

no cdp enable

ppp reliable-link

ppp authentication chap use-radius

!

interface Async13

description 308-113

ip unnumbered Ethernet0

no ip mroute-cache

encapsulation ppp

no ip route-cache

keepalive 10

async dynamic address

async mode interactive

peer default ip address 10.1.86.13

no cdp enable

ppp reliable-link

ppp authentication chap use-radius

!

interface Async14

description 311-176

ip unnumbered Ethernet0

no ip mroute-cache

encapsulation ppp

no ip route-cache

keepalive 10

async dynamic address

async mode interactive

peer default ip address 10.1.86.14

no cdp enable

ppp reliable-link

ppp authentication chap use-radius

!

interface Async15

description 311-753

ip unnumbered Ethernet0

no ip mroute-cache

encapsulation ppp

no ip route-cache

keepalive 10

async dynamic address

async mode interactive

peer default ip address 10.1.86.15

no cdp enable

ppp reliable-link

ppp authentication chap use-radius

!

interface Async16

description 307-235

ip unnumbered Ethernet0

no ip mroute-cache

encapsulation ppp

no ip route-cache

keepalive 10

async dynamic address

async mode interactive

peer default ip address 10.1.86.16

no cdp enable

ppp reliable-link

ppp authentication chap use-radius

!

interface Group-Async1

no ip address

encapsulation ppp

no cdp enable

!

interface Group-Async2

no ip address

encapsulation ppp

no cdp enable

!

interface Group-Async3

no ip address

encapsulation ppp

no cdp enable

!

interface Group-Async4

no ip address

encapsulation ppp

no cdp enable

!

interface Group-Async5

no ip address

encapsulation ppp

no cdp enable

!

interface Group-Async6

no ip address

encapsulation ppp

no cdp enable

!

interface Group-Async7

no ip address

encapsulation ppp

no cdp enable

!

interface Group-Async8

no ip address

encapsulation ppp

no cdp enable

!

interface Group-Async9

no ip address

encapsulation ppp

no cdp enable

!

interface Group-Async10

no ip address

encapsulation ppp

no cdp enable

!

interface Group-Async11

no ip address

encapsulation ppp

no cdp enable

!

interface Group-Async12

no ip address

encapsulation ppp

no cdp enable

!

interface Group-Async13

no ip address

encapsulation ppp

no cdp enable

!

interface Group-Async14

no ip address

encapsulation ppp

no cdp enable

!

interface Group-Async15

no ip address

encapsulation ppp

no cdp enable

!

interface Group-Async16

no ip address

encapsulation ppp

no cdp enable

!

ip default-gateway 10.1.85.22

ip http server

ip classless

ip route 0.0.0.0 0.0.0.0 10.1.85.22

radius-server host 10.1.85.156 auth-port 1645 acct-port 1646

radius-server key RoLalabalavu29

!

line con 0

line 1 16

autobaud

autoselect during-login

script dialer cisco-default

login authentication use-radius

modem InOut

transport input all

flowcontrol hardware

line aux 0

transport input all

line vty 0 4

!

end

Hope someone will help me. I would appreciate it if suggestions are sent over e-mail; my e-mail address is utawakevou@itc.gov.fj

Thanks

5 REPLIES
Cisco Employee

Re: 2511 Dialup configuration advice

Instead of configuring separate async interfaces, it's better to have all of them grouped in a group-async interface. Also make sure that you have the RADIUS server configured correctly. So in your case the config should look like this:

version 11.2

no service udp-small-servers

no service tcp-small-servers

!

hostname SuvaDialUpRouter01

!

aaa new-model

aaa authentication local-override

aaa authentication login use-radius radius local

aaa authentication ppp use-radius if-needed radius local

aaa authorization exec radius local if-authenticated

aaa authorization network radius local if-authenticated

enable secret 5 $1$6jak$0rKVDj1H51I12s/IqwKjA/

!

ip name-server 10.1.85.156

!

async-bootp dns-server 10.1.85.156

async-bootp nbns-server 10.1.85.159

!

interface Ethernet0

ip address 10.1.85.2 255.255.255.0

ip broadcast-address 10.1.85.255

no ip mroute-cache

no ip route-cache

!

interface Serial0

no ip address

no ip mroute-cache

no ip route-cache

no keepalive

shutdown

no fair-queue

!

interface Serial1

no ip address

no ip mroute-cache

no ip route-cache

no keepalive

shutdown

no fair-queue

!

Interface Group-async 1

ip unnumbered Ethernet0

no ip mroute-cache

encapsulation ppp

no ip route-cache

keepalive 10

async dynamic address

async mode interactive

peer default ip address pool dialin

ppp reliable-link

ppp authentication chap use-radius

group-range 1 16

!

ip local pool dialin 10.1.86.1 10.1.86.16

!

!

ip default-gateway 10.1.85.22

ip http server

ip classless

ip route 0.0.0.0 0.0.0.0 10.1.85.22

radius-server host 10.1.85.156 auth-port 1645 acct-port 1646

radius-server key RoLalabalavu29

!

line con 0

line 1 16

autoselect during-login

autoselect ppp

script dialer cisco-default

login authentication use-radius

modem InOut

transport input all

flowcontrol hardware

line aux 0

transport input all

line vty 0 4

!

end

Thanks..Tejal

New Member

Re: 2511 Dialup configuration advice

Thanks for the tip. I did manage to change it but I still haven't tested it. However, I forgot to put in a username and password. When I telnet to the Ethernet port it prompts me for a username and password. I forgot to put this in. When I connect to the console port it didn't prompt me with any mode.

How can I log in and add a username and password for management purposes?

Cisco Employee

Re: 2511 Dialup configuration advice

You can add the following if you want to configure local users on the router for telnet authentication:

username cisco password cisco

aaa authentication login vtyline local

line vty 0 4

login authentication vtyline

password cisco

But if you want the users to be authenticated via RADIUS, change the aaa line to the following, but make sure you have the correct profile on the RADIUS server first:

aaa authentication login vtyline radius local

The above will send a request to the RADIUS server when you try to telnet; if the RADIUS server is down, it will fall back to the local username configured on the router.

Here is a good document for this; check out the router authentication section:

http://www.cisco.com/univercd/cc/td/doc/cisintwk/intsolns/secsols/aaasols/c262c4.htm

HTH

R/Yusuf

New Member

Re: 2511 Dialup configuration advice

I managed to add the username and password, thanks for the input. I did change the configuration to the one recommended by tpatel. This is my configuration:

SuvaDialUpRouter02#sho conf

Using 1939 out of 32762 bytes

!

version 11.3

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname SuvaDialUpRouter02

!

aaa new-model

aaa authentication login use-radius local radius

aaa authentication ppp use-radius if-needed local radius

aaa authorization exec radius local if-authenticated

aaa authorization network radius local if-authenticated

enable secret 5 $1$bqWV$wMaKBOd6n4jimQWbzn.g0.

enable password 7 045802150C2E

!

username usaia password 7 104D011C061C1B1F03113E

ip name-server 10.1.85.156

async-bootp dns-server 10.1.85.156

async-bootp nbns-server 10.1.85.156

!

!

interface Ethernet0

ip address 10.1.85.3 255.255.0.0

no mop enabled

!

interface Serial0

no ip address

no ip mroute-cache

shutdown

!

interface Serial1

no ip address

shutdown

!

interface Group-Async1

ip unnumbered Ethernet0

encapsulation ppp

no ip route-cache

no ip mroute-cache

keepalive 10

async dynamic address

async mode interactive

peer default ip address pool dialin

ppp reliable-link

ppp authentication chap use-radius

group-range 1 16

!

ip local pool dialin 10.1.86.65 10.1.86.80

ip default-gateway 10.1.85.22

ip classless

ip route 0.0.0.0 0.0.0.0 10.1.85.22

!

no logging monitor

radius-server host 10.1.85.156 auth-port 1645 acct-port 1646

no radius-server attribute nas-port

radius-server key Rolalabalavu29

!

line con 0

line 1 16

autoselect during-login

autoselect ppp

script dialer cisco-default

login authentication use-radius

modem InOut

transport input all

flowcontrol hardware

line aux 0

line vty 0 4

password 7 15181E1F102E242D3C

!

end

I did try to add this line "aaa authentication local-override" but I didn't see it when I do a show running. Could this contribute to my dialing-in problem?

When I test by dialing in I can't connect. It says "Disconnected Error 721: The remote computer is not responding".

If you think the router configuration is OK, I can send the radius server settings and the client end settings over e-mail in a word document attachment. I really need this to be working. My e-mail is utawakevou@itc.gov.fj

Thank you in advance

New Member

Re: 2511 Dialup configuration advice

Managed to go through. It was a case-sensitivity issue with the RADIUS server key between the router and the RADIUS server. Thanks very much tapatel for the config.

Regards
