11-01-2002 12:02 AM - edited 03-02-2019 02:33 AM
How do I configure a 2600 with 8 Analog modems to
use different authentication groups, depending on what modem (what
async-group) the call is coming in?
The Telco switch in use does not forward any dnis information so we cannot use that information to authenticate the user - according to which number the user dials.
Sample config as follows: Radius group definition not shown, but correct
and working, since default list is selected for all incoming calls, and if
the user is from group one, authentication works.
aaa authentication ppp default group one
aaa authentication ppp one group one
aaa authentication ppp two group two
interface Group-Async1
ip unnumbered Loopback0
ip access-group anti-spoofing in
no ip redirects
no ip proxy-arp
encapsulation ppp
no logging event link-status
async mode dedicated
no snmp trap link-status
peer default ip address pool one
ppp authentication chap
ppp authorization one
group-range 33 35
interface Group-Async2
ip unnumbered Loopback0
ip access-group anti-spoofing in
no ip redirects
no ip proxy-arp
encapsulation ppp
no logging event link-status
async mode dedicated
no snmp trap link-status
peer default ip address pool two
ppp authentication chap
ppp authorization two
group-range 36 38
Solved! Go to Solution.
11-01-2002 08:54 AM
You need to use different authentication scheme for different group-async interface..Since you have analog modems, you may have a different telephone lines with different telephone numbers for those modems so based on the number dialed, the modem will be picked (along with group-async interface) and authentication scheme will be applied..Since eachline is physically connected to the modem, you don't need to have dnis delivered..
So here is the modified sample config
interface Group-Async1
ip unnumbered Loopback0
ppp authentication chap one
ppp authorization one
group-range 33 35
interface Group-Async2
ip unnumbered Loopback0
ppp authentication chap two
ppp authorization two
group-range 36 38
11-01-2002 08:52 AM
"ppp authentication chap one". I think the list option may not show up.
11-01-2002 08:54 AM
You need to use different authentication scheme for different group-async interface..Since you have analog modems, you may have a different telephone lines with different telephone numbers for those modems so based on the number dialed, the modem will be picked (along with group-async interface) and authentication scheme will be applied..Since eachline is physically connected to the modem, you don't need to have dnis delivered..
So here is the modified sample config
interface Group-Async1
ip unnumbered Loopback0
ppp authentication chap one
ppp authorization one
group-range 33 35
interface Group-Async2
ip unnumbered Loopback0
ppp authentication chap two
ppp authorization two
group-range 36 38
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide