Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
262
Views
0
Helpful
2
Replies

2620 - How to Authenticate in different group without dnis.

Go to solution
lwahlers
Level 1
Level 1

‎11-01-2002 12:02 AM - edited ‎03-02-2019 02:33 AM

How do I configure a 2600 with 8 Analog modems to

use different authentication groups, depending on what modem (what

async-group) the call is coming in?

The Telco switch in use does not forward any dnis information so we cannot use that information to authenticate the user - according to which number the user dials.

Sample config as follows: Radius group definition not shown, but correct

and working, since default list is selected for all incoming calls, and if

the user is from group one, authentication works.

aaa authentication ppp default group one

aaa authentication ppp one group one

aaa authentication ppp two group two

interface Group-Async1

ip unnumbered Loopback0

ip access-group anti-spoofing in

no ip redirects

no ip proxy-arp

encapsulation ppp

no logging event link-status

async mode dedicated

no snmp trap link-status

peer default ip address pool one

ppp authentication chap

ppp authorization one

group-range 33 35

interface Group-Async2

ip unnumbered Loopback0

ip access-group anti-spoofing in

no ip redirects

no ip proxy-arp

encapsulation ppp

no logging event link-status

async mode dedicated

no snmp trap link-status

peer default ip address pool two

ppp authentication chap

ppp authorization two

group-range 36 38

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
tepatel
Cisco Employee
Cisco Employee

‎11-01-2002 08:54 AM

You need to use different authentication scheme for different group-async interface..Since you have analog modems, you may have a different telephone lines with different telephone numbers for those modems so based on the number dialed, the modem will be picked (along with group-async interface) and authentication scheme will be applied..Since eachline is physically connected to the modem, you don't need to have dnis delivered..

So here is the modified sample config

interface Group-Async1

ip unnumbered Loopback0

ppp authentication chap one

ppp authorization one

group-range 33 35

interface Group-Async2

ip unnumbered Loopback0

ppp authentication chap two

ppp authorization two

group-range 36 38

View solution in original post

0 Helpful
2 Replies 2

Go to solution
mljohnson
Level 4
Level 4

‎11-01-2002 08:52 AM

"ppp authentication chap one". I think the list option may not show up.

0 Helpful

Go to solution
tepatel
Cisco Employee
Cisco Employee

‎11-01-2002 08:54 AM

You need to use different authentication scheme for different group-async interface..Since you have analog modems, you may have a different telephone lines with different telephone numbers for those modems so based on the number dialed, the modem will be picked (along with group-async interface) and authentication scheme will be applied..Since eachline is physically connected to the modem, you don't need to have dnis delivered..

So here is the modified sample config

interface Group-Async1

ip unnumbered Loopback0

ppp authentication chap one

ppp authorization one

group-range 33 35

interface Group-Async2

ip unnumbered Loopback0

ppp authentication chap two

ppp authorization two

group-range 36 38

0 Helpful
Customers Also Viewed These Support Documents