Re: ISDN dial-in RADIUS and dialer interfaces

peter.haynes · ‎01-28-2003

I have a router with a large number of users that dial in via ISDN. For each new client I have been adding in a new dialer interface with a "dialer remote-name" command and also adding the user's details into our RADIUS box. What I would like to do is just have a single dialer interface configured to use RADIUS so that I do not need to change the router configuration for any new users.

The config for my dialer interface is below. If I add in a dialer remote-name with the username of someone on our RADIUS server this will work. Without it it does not.

interface Dialer1

description ISDN dialup - RADIUS authenticated

ip unnumbered Ethernet0

no ip directed-broadcast

encapsulation ppp

no ip mroute-cache

bandwidth 64

peer default ip address pool dialinusers

dialer in-band

dialer idle-timeout 99999

dialer enable-timeout 500

dialer hold-queue 10

no fair-queue

compress stac

no cdp enable

ppp authentication chap dial-in

I would appreciate if anyone can tell me where I am going wrong.

Thanks in advance,

Peter

tepatel · ‎01-28-2003

You are using "dialer profiles" for dialin users..For that you need different interface for each users. You need to remove dialer profile related commands from the config to have a one general interface for all. To do that you need to

1)remove "dialer pool-member x" command under the physical interface like "interface serial x:23" in case of PRI or "interface bri x" in case of BRI line.

2)remove "dialer pool x" command under the "interface dialer x"..(all of the dialer interface)

Once you have removed all the above commands from the interfaces, need to enter "dialer rotary-group 1" command under the physical interface like "interface serial x:23" in case of PRI or "interface bri x" in case of BRI line.

With the command and the above config for "interface dialer 1" (as you have in the question" should do the job for you.

Here is the urls which has sample config for that

http://www.cisco.com/warp/public/793/access_dial/5300.html

leave the aaa config as it is.

tepatel · ‎01-28-2003

One more url for the same

http://www.cisco.com/warp/customer/793/access_dial/dial_config_5142.html

It has sample config for local authentication but you can copy your working config for aaa part..It has links for aaa config too.

peter.haynes · ‎02-02-2003

Thanks for your response. Just to clarify - I can only have one dialer interface to get it to work?

Thankyou,

Peter

tepatel · ‎02-03-2003

Since we are using the Rotary-groups, YES, just one dialer interface is required..

If you are using dialer profiles, like the way you have earlier, you need a dialer interface for each user.

brett.harding · ‎02-14-2003

Hi Peter,

I believe the feature you are after is virtual profiles. You need to create a virtual template interface instead of a dialer intreface.

Hope that helps.

Regards

Brett

peter.haynes · ‎02-16-2003

Everyone,

The Dialer rotary-group worked fine (after reconfiguring the incoming ISDN to use ip unnumbered). I also noticed that I could not specify a dialer idle-timeout without using dialer in-band for a rotary group (I guess I can live with that).

Thanks everyone for your help.

Rgds,

Peter

makchitale · ‎02-16-2003

We need to have dialer in-band configured in order to add the dialer idle-timeout command (the router will complain if not done in that sequence).

http://www.cisco.com/warp/public/471/idle_timeout.html#6

Thanks, Mak.

tepatel · ‎02-17-2003

dialer in-band command will make any interface a DDR capable. So in order to apply any DDR or dialer related commands (which starts with keyword "dialer" mostly ) , you need to make that interface a ddr capable using "dialer in-band".