Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

2620 - How to Authenticate in different group without dnis.

How do I configure a 2600 with 8 Analog modems to

use different authentication groups, depending on what modem (what

async-group) the call is coming in?

The Telco switch in use does not forward any dnis information so we cannot use that information to authenticate the user - according to which number the user dials.

Sample config as follows: Radius group definition not shown, but correct

and working, since default list is selected for all incoming calls, and if

the user is from group one, authentication works.

aaa authentication ppp default group one

aaa authentication ppp one group one

aaa authentication ppp two group two

interface Group-Async1

ip unnumbered Loopback0

ip access-group anti-spoofing in

no ip redirects

no ip proxy-arp

encapsulation ppp

no logging event link-status

async mode dedicated

no snmp trap link-status

peer default ip address pool one

ppp authentication chap

ppp authorization one

group-range 33 35

interface Group-Async2

ip unnumbered Loopback0

ip access-group anti-spoofing in

no ip redirects

no ip proxy-arp

encapsulation ppp

no logging event link-status

async mode dedicated

no snmp trap link-status

peer default ip address pool two

ppp authentication chap

ppp authorization two

group-range 36 38

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: 2620 - How to Authenticate in different group without dnis.

You need to use different authentication scheme for different group-async interface..Since you have analog modems, you may have a different telephone lines with different telephone numbers for those modems so based on the number dialed, the modem will be picked (along with group-async interface) and authentication scheme will be applied..Since eachline is physically connected to the modem, you don't need to have dnis delivered..

So here is the modified sample config

interface Group-Async1

ip unnumbered Loopback0

ppp authentication chap one

ppp authorization one

group-range 33 35

interface Group-Async2

ip unnumbered Loopback0

ppp authentication chap two

ppp authorization two

group-range 36 38

2 REPLIES
Bronze

Re: 2620 - How to Authenticate in different group without dnis.

"ppp authentication chap one". I think the list option may not show up.

Cisco Employee

Re: 2620 - How to Authenticate in different group without dnis.

You need to use different authentication scheme for different group-async interface..Since you have analog modems, you may have a different telephone lines with different telephone numbers for those modems so based on the number dialed, the modem will be picked (along with group-async interface) and authentication scheme will be applied..Since eachline is physically connected to the modem, you don't need to have dnis delivered..

So here is the modified sample config

interface Group-Async1

ip unnumbered Loopback0

ppp authentication chap one

ppp authorization one

group-range 33 35

interface Group-Async2

ip unnumbered Loopback0

ppp authentication chap two

ppp authorization two

group-range 36 38

112
Views
0
Helpful
2
Replies
CreatePlease to create content