Cisco Support Community
Community Member

callback and normal dialup with 2611 using tacacs+ ACS windows based

i have a problem with using callback and normal dialup,i have 2611 router with the below config.i am using tacacs+ for authentication with ACS with windows this i have 250 users from which i wana give callback facility to 50 users and rest of as normal.

when i use " aaa authorization network default group tacacs+ local " with below config the users with callback getting callback and access to office network but the normal users are not getting normal dialup.

i am aiting for your reply and suggestions

router01#sh run

Building configuration...

Current configuration:


version 12.0

service exec-callback

service timestamps debug uptime

service timestamps log uptime

service password-encryption


hostname router01


aaa new-model

aaa authentication login default group tacacs+ local

aaa authentication login no_tacacs enable

aaa authentication ppp default group tacacs+ local

aaa authorization exec default group tacacs+ local

aaa accounting exec default start-stop group tacacs+

aaa accounting network default start-stop group tacacs+

enable secret 5 $1$9.Tm$M/E5GMrqHze7AmqeOObux0

enable password 7 104D000A0618


username abc password 7 04480A04

username admin privilege 15 password 7 04481C030A351D1F5A





ip subnet-zero

ip domain-name domain

ip name-server

ip name-server


chat-script offhook "" "ATH1" OK

chat-script callback ABORT ERROR ABORT BUSY "" "ATZ" OK "ATDT \T" TIMEOUT 30 CO





interface FastEthernet0/0

ip address

no ip directed-broadcast

duplex auto

speed auto


interface Serial0/0

no ip address

no ip directed-broadcast

no ip mroute-cache


no fair-queue


interface Serial0/1

no ip address

no ip directed-broadcast



interface Group-Async1

ip unnumbered FastEthernet0/0

no ip directed-broadcast

encapsulation ppp

no ip mroute-cache

carrier-delay msec 0

async mode interactive

peer default ip address pool default

compress stac

ppp callback permit

ppp authentication pap chap

group-range 33 48


ip local pool default

ip classless

ip route

no ip http server


tacacs-server host

tacacs-server key tackey


line con 0

login authentication no_tacacs

transport input none

line 33 48

autoselect during-login

autoselect ppp

script callback callback

modem InOut

modem autoconfigure discovery

transport input all

stopbits 1

flowcontrol hardware

line aux 0

line vty 0 4

password 7 13061E010803



Cisco Employee

Re: callback and normal dialup with 2611 using tacacs+ ACS windo

The best way is to leave that "aaa authorization..." in the config and debug for the normal dialup call to know why its not working..The debug to turn on for a normal call (without callback)

debug ppp nego

debug chat

debug callback

debug ppp cbcp

debug aaa per

debug aaa authorization

Here is the sample config for that too.

Another way to configure is "ppp callback accept" under the interface group-async 1 and if you don't want callback for some users, pl. disable callback at the client side if possible.

OR you can also manage everything (callback and no callback) thru per user config from TACACS


Re: callback and normal dialup with 2611 using tacacs+ ACS windo

Based on username configure callback for a set of users & normal dialin for the rest on the tacacs server.

Thanks, Mak.

Community Member

Re: callback and normal dialup with 2611 using tacacs+ ACS windo

if i remove this "aaa authorization network default group tacacs+ local " from running config all the normal dialup users can connect easily but the callback users are not getting callback.but when i use this callback users are getting callback but normal dialup users are not getting connected.i aslo uset ppp callback accept with this but the same.

when i check the debug there is something with compression ccp and if i use static ip address for normal user its connecting.

CreatePlease to create content