Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

DIal In TO CISCO AS 5300 (E1) from ISDN(BRI)

I have CISCO AS5300 with E1 lines and it is configured for modems. I want to dial in to my AS5300 from ISDN BRI (Router and Terminal Adapter).

Please send me the configuration to congiure the CISCO AS5300 for ISDN BRI and async modems dial in.

I will be really greatful if somebody can tell that how i can authenticate users from RADIUS and local database both. currently i am using RADIUS(Radiator).

Here is the configuration of my RAS.

Current configuration : 4512 bytes

!

version 12.2

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname RAS1

!

logging queue-limit 100

enable secret 5

enable password 7

!

username abc password 7

username xyz password 7

spe 1/0 2/9

firmware location flash:2:mica-modem-pw.2.9.4.0.bin

!

!

resource-pool disable

!

modem recovery action none

aaa new-model

!

!

aaa authentication ppp default group radius

aaa authorization network default local group radius

aaa accounting network default start-stop group radius

aaa session-id common

ip subnet-zero

ip wccp version 1

ip wccp web-cache redirect-list 114

ip finger

ip telnet hidden addresses

ip domain name mydomain.com

ip name-server 192.168.1.10

ip name-server 192.168.2.10

!

multilink virtual-template 1

!

isdn switch-type primary-net5

modemcap entry pw2720:MSC=&F&D2S32=1S10=50S34=4000S40=8

partition flash 2 8 8

!

!

!

controller E1 0

clock source line primary

pri-group timeslots 1-31

!

controller E1 1

clock source line secondary 1

pri-group timeslots 1-31

!

controller E1 2

pri-group timeslots 1-31

!

controller E1 3

pri-group timeslots 1-31

!

interface Ethernet0

no ip address

shutdown

!

interface Virtual-Template1

ip unnumbered FastEthernet0

peer default ip address pool setup_pool

ppp authentication pap chap

ppp multilink

!

interface Serial0:15

ip unnumbered FastEthernet0

encapsulation ppp

dialer-group 1

isdn switch-type primary-net5

isdn incoming-voice modem

no peer default ip address

no cdp enable

ppp authentication pap chap

ppp multilink

!

interface Serial1:15

ip unnumbered FastEthernet0

encapsulation ppp

dialer-group 1

isdn switch-type primary-net5

isdn incoming-voice modem

no peer default ip address

ppp authentication pap chap

ppp multilink

!

interface Serial2:15

ip unnumbered FastEthernet0

encapsulation ppp

dialer-group 1

isdn switch-type primary-net5

isdn incoming-voice modem

no peer default ip address

ppp authentication pap chap

ppp multilink

!

interface Serial3:15

ip unnumbered FastEthernet0

encapsulation ppp

dialer-group 1

isdn switch-type primary-net5

isdn incoming-voice modem

no peer default ip address

ppp authentication pap chap

ppp multilink

!

interface FastEthernet0

ip address 192.168.2.1 255.255.255.0 secondary

ip wccp web-cache redirect out

duplex auto

speed 100

!

interface Group-Async1

ip unnumbered FastEthernet0

encapsulation ppp

async dynamic address

async dynamic routing

async mode interactive

peer default ip address pool setup_pool

no keepalive

no fair-queue

ppp authentication pap chap

ppp multilink

group-range 1 120

!

interface Dialer1

ip unnumbered FastEthernet0

encapsulation ppp

dialer in-band

dialer idle-timeout 900

dialer-group 1

peer default ip address pool ISDN

ppp authentication pap chap callin

ppp multilink

!

ip local pool setup_pool 192.168.100.1 192.168.100.130

ip local pool ISDN 192.168.100.150 192.168.100.200

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.1.1

ip route 0.0.0.0 0.0.0.0 192.168.1.1

no ip http server

!

!

!

dialer-list 1 protocol ip permit

radius-server configure-nas

radius-server host 10.1.1.1 auth-port 1645 acct-port 1646

radius-server timeout 500

radius-server key 7

radius-server authorization permit missing Service-Type

radius-server vsa send accounting

radius-server vsa send authentication

banner exec ^CTHE PASSWD IS CORRECT | RESTRICTED ACCESS^C

!

line con 0

logging synchronous

line 1

session-timeout 4320

no flush-at-activation

login authentication parameters

modem Dialin

modem autoconfigure type pw2720

transport input all

autoselect during-login

autoselect ppp

line 2 120

no flush-at-activation

login authentication parameters

modem Dialin

modem autoconfigure type pw2720

transport input all

autoselect during-login

autoselect ppp

line aux 0

line vty 0 4

exec-timeout 300 0

password 7 06070B2449425B

line vty 5 15

exec-timeout 300 0

!

scheduler interval 1000

end

2 REPLIES
Silver

Re: DIal In TO CISCO AS 5300 (E1) from ISDN(BRI)

Please refer to:

http://www.cisco.com/warp/public/793/access_dial/5300.html

Can you please send me the debug outputs for an isdn call:

deb isdn q931 / deb ppp nego / deb aaa authen / deb aaa authoriz / deb vtemp / deb radius

Thanks, Mak.

Cisco Employee

Re: DIal In TO CISCO AS 5300 (E1) from ISDN(BRI)

I assume that the radius server is configured right and E1/PRI lines are working ok for dialin.

The above configuration that you have should work for isdn and async dialin with multilink. Now to configure the NAS to authenticate locally when the radius server is down, you can add "local" keyword after all those aaa commands..like

aaa authentication ppp default group radius local

aaa authorization network default local group radius local

aaa accounting network default start-stop group radius local

Now one thing to note..the mica modems are running portware 2.9.4.0 and the modemcap that you have pw2720 is for old 2720 firmware..So i think you need to modify that. Pl. visit following url fore "Recommended modemcap based on portware"

http://www.cisco.com/warp/public/471/recc_modemcaps.html

Do you have any problem with above config? Pl. outline the issues that you might have.

83
Views
0
Helpful
2
Replies
CreatePlease to create content