Question for those more savvy on the CCO site than myself. I have a Cisco 1750 running 12.1(5) T10 as an L2TP LNS. I am pointing all AAA requests to various RADIUS servers via Virtual IP's on the AAA boxes themselves.
Using 12.0(5), I had no problem with auth-requests sect to the Virtual Interface IP as the destination address and the auth-accepts coming back from the actual IP of the server as source IP.
Using 12.1(5), I am failing authentication because the router is not seeing the auth-accept. Instead of listening by port, it seems to be listening for the auth-accept coming from the IP address the router sent the request to.
I'm not sure if this is correct or a bug. I haven't seen anything about it listed in the release notes for 12.1(5) but then, as I stated before, I'm not real savvy with searching the CCO. I wanted to see if anyone out there had any feedback before opening a case.
Re: AAA authentication difference in 12.0 and 12.1
Interesting. It looks like CSCdm77323 added code to check the address fields for the RADIUS packets; this came in 12.0(6.3)T. However, we then saw that this was not the right thing to do, and so removed that portion of code with CSCdp17083 in 12.0(7.2). I see no indication that this "dance" effected 12.1 at all, so 12.1 should be fine. You may want to open a case with the TAC to have this problem purused further.
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.