Configuring ISDN Ras ability on a Cisco 3620

ahmoye
Level 1

Currently the 3620 is configured for Async connection and DDR.

When attempting to configure the 3620 to accept calls, the ISDN connection is established and authentication is successful, but when it gets to "registering your computer on the network" the client gets "ERROR 619: The Specified port is not connected" - WHAT CAN BE CAUSING THIS ERROR?

Looking at the debug output it looks like the authorisation is failing. We use Cisco ACS v2.6 for WinNT/2000 and the users authenticate against the SAM database.

Any suggestion would be appreciated.

-------------

Below is a truncated config and the debug output for more information:

CONFIGURATION OF CISCO 3620

!

version 12.1

no service single-slot-reload-enable

service timestamps debug datetime

service timestamps log datetime

service password-encryption

!

hostname 3620_RAS

!

logging buffered 4096 debugging

logging rate-limit console 10 except errors

aaa new-model

aaa authentication login default group tacacs+

aaa authentication login aaatacacs group tacacs+ line

aaa authentication login no_tacacs enable

aaa authentication enable default group tacacs+ enable

aaa authentication ppp default group tacacs+

aaa authentication ppp ISDN local

aaa authorization exec default group tacacs+ if-authenticated

aaa authorization commands 0 default if-authenticated group tacacs+

aaa authorization commands 1 default if-authenticated group tacacs+

aaa authorization commands 15 default if-authenticated group tacacs+

aaa authorization network default group tacacs+

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting network default start-stop group tacacs+

aaa accounting connection default start-stop group tacacs+

enable secret <omitted>

!

username site1 password <omitted>

username 3620_RAS password <omitted>

modem country mica united-kingdom

ip subnet-zero

!

!

no ip finger

!

virtual-profile if-needed

virtual-profile aaa

async-bootp gateway 172.16.13.254

async-bootp dns-server 172.16.4.1 172.16.4.5

async-bootp nbns-server 172.16.4.5

isdn switch-type primary-net5

chat-script mod "" "ATDT\T" TIMEOUT 60 CONNECT \C

!

!

controller E1 1/0

pri-group timeslots 1-25

!

controller E1 1/1

!

!

interface Loopback0

ip address 172.16.13.254 255.255.255.0

!

interface FastEthernet1/0

ip address 172.16.12.4 255.255.255.0

speed 100

full-duplex

!

interface Serial1/0:15

description +++ ISDN 30 with 24 channels +++

no ip address

encapsulation ppp

dialer pool-member 1

dialer pool-member 4

no snmp trap link-status

isdn switch-type primary-net5

isdn incoming-voice modem

ppp authentication chap pap

!

interface Group-Async1

ip unnumbered Loopback0

encapsulation ppp

carrier-delay msec 0

timeout absolute 120 0

dialer in-band

dialer idle-timeout 600

dialer-group 10

async mode interactive

peer default ip address pool Async-addr-pool

no fair-queue

ppp callback accept

ppp authentication ms-chap

group-range 1 30

!

interface Dialer1

ip address 172.16.14.29 255.255.255.252

encapsulation ppp

dialer pool 1

dialer remote-name site1

dialer idle-timeout 600

dialer string <omitted>

dialer load-threshold 150 outbound

dialer max-call 2

dialer-group 1

no cdp enable

ppp authentication chap ISDN

ppp multilink

!

interface Dialer4

description ++ ISDN RAS Configuration +++

ip unnumbered Loopback0

encapsulation ppp

dialer in-band

dialer idle-timeout 3600

dialer-group 4

peer default ip address pool async_addr_pool

no cdp enable

ppp authentication ms-chap

ppp multilink

!

router eigrp 10

redistribute static

passive-interface Serial1/0:15

passive-interface Group-Async1

passive-interface Dialer1

passive-interface Dialer4

network 172.16.0.0

no auto-summary

no eigrp log-neighbor-changes

!

ip local pool Async-addr-pool 172.16.13.1 172.16.13.50

ip classless

ip route 172.16.15.0 255.255.255.192 Dialer1

ip http server

!

no logging trap

access-list 100 permit ip any any

access-list 104 permit ip any any

dialer-list 4 protocol ip list 104

dialer-list 10 protocol ip list 100

tacacs-server host 172.16.4.5

tacacs-server key <omitted>

!

line con 0

exec-timeout 30 0

password <omitted>

transport input none

line 1 30

session-timeout 120

timeout login response 120

autoselect ppp

session-disconnect-warning 900

script callback mod

modem InOut

modem autoconfigure type mica

transport preferred none

transport input all

transport output pad v120 telnet rlogin udptn

callback forced-wait 5

line aux 0

line vty 0 4

exec-timeout 60 0

password <omitted>

login authentication aaatacacs

!

end

---------------------------------

DEBUG OUTPUT

ppp authentication

aaa authentication, authorization and accounting

May 30 10:48:24 172.16.12.4 2954: *Mar 11 03:12:12: Se1/0:5 AAA/AUTHOR/VP (4059451044): Port='Serial1/0:5' list='' service=NET

May 30 10:48:24 172.16.12.4 2955: *Mar 11 03:12:12: AAA/AUTHOR/VP: Se1/0:5 (4059451044) user='testuser'

May 30 10:48:24 172.16.12.4 2956: *Mar 11 03:12:12: Se1/0:5 AAA/AUTHOR/VP (4059451044): send AV service=ppp

May 30 10:48:24 172.16.12.4 2957: *Mar 11 03:12:12: Se1/0:5 AAA/AUTHOR/VP (4059451044): send AV protocol=ip

May 30 10:48:24 172.16.12.4 2958: *Mar 11 03:12:12: Se1/0:5 AAA/AUTHOR/VP (4059451044): found list "default"

May 30 10:48:24 172.16.12.4 2959: *Mar 11 03:12:12: Se1/0:5 AAA/AUTHOR/VP (4059451044): Method=tacacs+ (tacacs+)

May 30 10:48:24 172.16.12.4 2960: *Mar 11 03:12:12: AAA/AUTHOR/TAC+: (4059451044): user=testuser

May 30 10:48:24 172.16.12.4 2961: *Mar 11 03:12:12: AAA/AUTHOR/TAC+: (4059451044): send AV service=ppp

May 30 10:48:24 172.16.12.4 2962: *Mar 11 03:12:12: AAA/AUTHOR/TAC+: (4059451044): send AV protocol=ip

May 30 10:48:24 172.16.12.4 2963: *Mar 11 03:12:12: AAA/ACCT/DS0: channel=5, ds1=0, t3=0, slot=1, ds0=16777221

May 30 10:48:24 172.16.12.4 2964: *Mar 11 03:12:12: %ISDN-6-DISCONNECT: Interface Serial1/0:5 disconnected from 0123456789 testuser, call lasted 1 seconds

May 30 10:48:24 172.16.12.4 2965: *Mar 11 03:12:12: AAA/ACCT: user testuser, acct type 2 (3076794814): Method=tacacs+ (tacacs+)

May 30 10:48:24 172.16.12.4 2966: *Mar 11 03:12:12: TAC+: (4059451044): received author response status = PASS_ADD

May 30 10:48:24 172.16.12.4 2967: *Mar 11 03:12:12: Se1/0:5 AAA/AUTHOR (4059451044): Post authorization status = PASS_ADD

May 30 10:48:24 172.16.12.4 2968: *Mar 11 03:12:12: Se1/0:5 AAA/AUTHOR/VP (68584559): Port='Serial1/0:5' list='' service=NET

May 30 10:48:24 172.16.12.4 2969: *Mar 11 03:12:12: AAA/AUTHOR/VP: Se1/0:5 (68584559) user='testuser'

May 30 10:48:24 172.16.12.4 2970: *Mar 11 03:12:12: Se1/0:5 AAA/AUTHOR/VP (68584559): send AV service=ppp

May 30 10:48:24 172.16.12.4 2971: *Mar 11 03:12:12: Se1/0:5 AAA/AUTHOR/VP (68584559): send AV protocol=ipx

May 30 10:48:24 172.16.12.4 2972: *Mar 11 03:12:12: Se1/0:5 AAA/AUTHOR/VP (68584559): found list "default"

May 30 10:48:24 172.16.12.4 2973: *Mar 11 03:12:12: Se1/0:5 AAA/AUTHOR/VP (68584559): Method=tacacs+ (tacacs+)

May 30 10:48:24 172.16.12.4 2974: *Mar 11 03:12:12: AAA/AUTHOR/TAC+: (68584559): user=testuser

May 30 10:48:24 172.16.12.4 2975: *Mar 11 03:12:12: AAA/AUTHOR/TAC+: (68584559): send AV service=ppp

May 30 10:48:24 172.16.12.4 2976: *Mar 11 03:12:12: AAA/AUTHOR/TAC+: (68584559): send AV protocol=ipx

May 30 10:48:24 172.16.12.4 2977: *Mar 11 03:12:12: TAC+: (3076794814): received acct response status = SUCCESS

May 30 10:48:24 172.16.12.4 2978: *Mar 11 03:12:12: %LINK-3-UPDOWN: Interface Serial1/0:5, changed state to down

May 30 10:48:24 172.16.12.4 2979: *Mar 11 03:12:12: Se1/0:5 AAA/AUTHOR: Duplicate per-user event LCP_DOWN ignored

May 30 10:48:24 172.16.12.4 2980: *Mar 11 03:12:12: AAA/ACCT/ACCT_DISC: Found list "default"

May 30 10:48:24 172.16.12.4 2981: *Mar 11 03:12:12: Serial1/0:5 AAA/DISC: 2/"Lost Carrier"

May 30 10:48:24 172.16.12.4 2982: *Mar 11 03:12:12: AAA/ACCT/ACCT_DISC: Found list "default"

May 30 10:48:24 172.16.12.4 2983: *Mar 11 03:12:12: Serial1/0:5 AAA/DISC/EXT: 1011/"Lost Carrier"

May 30 10:48:24 172.16.12.4 2984: *Mar 11 03:12:12: AAA/ACCT: no attribute "pre-bytes-in" to replace, adding it

May 30 10:48:24 172.16.12.4 2985: *Mar 11 03:12:12: AAA/ACCT: no attribute "pre-bytes-out" to replace, adding it

May 30 10:48:24 172.16.12.4 2986: *Mar 11 03:12:12: AAA/ACCT: no attribute "pre-paks-in" to replace, adding it

May 30 10:48:24 172.16.12.4 2987: *Mar 11 03:12:12: AAA/ACCT: no attribute "pre-paks-out" to replace, adding it

May 30 10:48:24 172.16.12.4 2988: *Mar 11 03:12:12: AAA/ACCT: no attribute "bytes_in" to replace, adding it

May 30 10:48:24 172.16.12.4 2989: *Mar 11 03:12:12: AAA/ACCT: no attribute "bytes_out" to replace, adding it

May 30 10:48:24 172.16.12.4 2990: *Mar 11 03:12:12: AAA/ACCT: no attribute "paks_in" to replace, adding it

May 30 10:48:24 172.16.12.4 2991: *Mar 11 03:12:12: AAA/ACCT: no attribute "paks_out" to replace, adding it

May 30 10:48:24 172.16.12.4 2992: *Mar 11 03:12:12: AAA/ACCT: no attribute "pre-session-time" to replace, adding it

May 30 10:48:24 172.16.12.4 2993: *Mar 11 03:12:12: AAA/ACCT/DS0: channel=5, ds1=0, t3=0, slot=1, ds0=16777221

May 30 10:48:24 172.16.12.4 2994: *Mar 11 03:12:12: AAA/ACCT: no attribute "elapsed_time" to replace, adding it

May 30 10:48:24 172.16.12.4 2995: *Mar 11 03:12:12: AAA/ACCT ISDN xmit=64000 recv=64000 hwidb=61451EB0

May 30 10:48:24 172.16.12.4 2996: *Mar 11 03:12:12: AAA/ACCT/NET/STOP User testuser, Port Serial1/0:5:

May 30 10:48:24 172.16.12.4 2997: task_id=1642 timezone=UTC service=ppp disc-cause=2 disc-cause-ext=1011 pre-bytes-in=149 pre-bytes-out=84 pre-paks-in=7 pre-paks-out=5 bytes_in=58 bytes_out=0 paks_in=2 paks_out=0 pre-session-time=1 connect-progress=65 elapsed_time=0 nas-rx-speed=64000 nas-tx-speed=64000

May 30 10:48:24 172.16.12.4 2998: *Mar 11 03:12:12: AAA/ACCT: user testuser, acct type 2 (3263994692): Method=tacacs+ (tacacs+)

May 30 10:48:24 172.16.12.4 2999: *Mar 11 03:12:12: TAC+: (68584559): received author response status = FAIL

May 30 10:48:24 172.16.12.4 3000: *Mar 11 03:12:12: Se1/0:5 AAA/AUTHOR (68584559): Post authorization status = FAIL

May 30 10:48:24 172.16.12.4 3001: *Mar 11 03:12:13: TAC+: (3263994692): received acct response status = SUCCESS

1 Reply

mljohnson
Level 4

It's hard to say from the debug above. First, the config is a bit funky. You have two pools specified on the serial interface, but only one dialer interface in one of the pools. You should therefore either add MPPP to the serial config (since we will negotiate LCP prior to binding to the profile), or add "dialer caller XXX" to int dialer 1 so that we can immediately bind on CLID.

From the debug the connection is torn down before authorization is even able to complete; you may want to collect the following debugs instead:

debug isdn q931

debug ppp neg

debug aaa authen

debug aaa author

You want to confirm who is initiating the disconnect, and then try to figure out why.
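An added example, not part of either post: a small Python parser that pairs each TACACS+ authorization request in the posted debug with its response and records whether that response was logged before or after the ISDN disconnect. It assumes the syslog sequence number (the field before the first colon-terminated router timestamp) reflects the order in which the router emitted the messages; the six input lines are copied from the debug output in the question.

```python
import re

# Six lines copied from the debug output posted in the question above.
DEBUG = """\
May 30 10:48:24 172.16.12.4 2957: *Mar 11 03:12:12: Se1/0:5 AAA/AUTHOR/VP (4059451044): send AV protocol=ip
May 30 10:48:24 172.16.12.4 2964: *Mar 11 03:12:12: %ISDN-6-DISCONNECT: Interface Serial1/0:5 disconnected from 0123456789 testuser, call lasted 1 seconds
May 30 10:48:24 172.16.12.4 2966: *Mar 11 03:12:12: TAC+: (4059451044): received author response status = PASS_ADD
May 30 10:48:24 172.16.12.4 2971: *Mar 11 03:12:12: Se1/0:5 AAA/AUTHOR/VP (68584559): send AV protocol=ipx
May 30 10:48:24 172.16.12.4 2978: *Mar 11 03:12:12: %LINK-3-UPDOWN: Interface Serial1/0:5, changed state to down
May 30 10:48:24 172.16.12.4 2999: *Mar 11 03:12:12: TAC+: (68584559): received author response status = FAIL
"""

# Syslog prefix: month, day, time, sender, then the sequence number we order by.
LINE = re.compile(r"^\S+ +\d+ [\d:]+ \S+ (\d+): (.*)$")
AV = re.compile(r"AAA/AUTHOR/VP \((\d+)\): send AV protocol=(\S+)")
RESP = re.compile(r"TAC\+: \((\d+)\): received author response status = (\S+)")


def correlate(text):
    """Return (disconnect_seq, {session_id: {protocol, status, after_disconnect}})."""
    disconnect_seq = None
    sessions = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a syslog-prefixed line
        seq, msg = int(m.group(1)), m.group(2)
        if "%ISDN-6-DISCONNECT" in msg and disconnect_seq is None:
            disconnect_seq = seq
        elif (av := AV.search(msg)):
            sessions.setdefault(av.group(1), {})["protocol"] = av.group(2)
        elif (resp := RESP.search(msg)):
            entry = sessions.setdefault(resp.group(1), {})
            entry["status"] = resp.group(2)
            # True when the server's answer was logged after the call had dropped.
            entry["after_disconnect"] = (
                disconnect_seq is not None and seq > disconnect_seq
            )
    return disconnect_seq, sessions


if __name__ == "__main__":
    disc, sessions = correlate(DEBUG)
    print("ISDN disconnect logged at sequence", disc)
    for sid, info in sessions.items():
        print(sid, info)
```

On these lines the PASS_ADD belongs to the `protocol=ip` request, the FAIL to the `protocol=ipx` request, and both responses are logged after the `%ISDN-6-DISCONNECT` message.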