06-23-2002 09:33 PM - edited 03-01-2019 10:22 PM
Hi, I am having big trouble configuring a Cisco 3660 with 4 PRIs as a dial-in server using ACS V3.0 and MS-CHAP-V2 with the password expiration feature.
Everything is fine until I set the "user will have to change password next time" switch in Win2K; when I dial in after that, the 3660 just crashes while the change password box appears on the screen of the dial-up client (NT and 2K).
This is the config of the router:
version 12.2
no parser cache
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service udp-small-servers
service tcp-small-servers
!
hostname RoutEWAHL1
!
boot system flash flash:c3660-i-mz.122-2.XB5.bin
boot system flash flash:c3660-is-mz.122-10.bin
aaa new-model
!
!
aaa authentication login default group tacacs+ line
aaa authentication enable default group tacacs+ enable
aaa authentication ppp default group radius
aaa authorization exec default group tacacs+ none
aaa authorization network default group radius
aaa accounting delay-start
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group radius
aaa session-id common
enable password pullmoll
!
username XYXYXYXXY password 0 XYXYXYXXYXY
ip subnet-zero
ip cef
!
!
no ip domain-lookup
!
isdn switch-type primary-net5
!
controller E1 1/0
 pri-group timeslots 1-31
!
controller E1 1/1
 pri-group timeslots 1-31
!
controller E1 2/0
 pri-group timeslots 1-31
!
controller E1 2/1
 pri-group timeslots 1-31
!
!
!
interface FastEthernet0/0
 ip address 172.17.2.1 255.255.0.0
 no ip mroute-cache
 duplex auto
 speed 100
!
interface Serial1/0:15
 description Rufnummer XYXYXYXY
 no ip address
 encapsulation ppp
 ip tcp header-compression
 timeout absolute 3600 0
 dialer rotary-group 1
 dialer-group 1
 isdn switch-type primary-net5
 isdn T310 4000
 compress mppc
 no cdp enable
 ppp multilink
!
interface Serial1/1:15
 description Rufnummer XYXYXYXXY
 no ip address
 encapsulation ppp
 ip tcp header-compression
 timeout absolute 3600 0
 dialer rotary-group 1
 dialer-group 1
 isdn switch-type primary-net5
 isdn T310 4000
 compress mppc
 no cdp enable
 ppp multilink
!
interface Serial2/0:15
 no ip address
 shutdown
 isdn switch-type primary-net5
 isdn T310 4000
 no cdp enable
!
interface Serial2/1:15
 no ip address
 shutdown
 isdn switch-type primary-net5
 isdn T310 4000
 no cdp enable
!
interface Dialer1
 description Interner SOPHO-Anschluss XYXYXXYXY
 ip unnumbered FastEthernet0/0
 encapsulation ppp
 ip tcp header-compression
 no ip mroute-cache
 keepalive 7200
 timeout absolute 3600 0
 dialer in-band
 dialer aaa
 dialer idle-timeout 7200
 dialer hold-queue 20
 dialer-group 1
 no peer default ip address
 compress mppc
 no cdp enable
 ppp max-bad-auth 3
 ppp callback accept
 ppp authentication ms-chap-v2 callin
 ppp multilink
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.17.1.5
ip route 172.18.178.0 255.255.255.0 172.17.1.7
ip route 172.19.98.0 255.255.255.0 172.17.1.5
ip route 191.9.0.0 255.255.0.0 172.17.1.7
ip http server
!
!
map-class dialer call-back
 dialer callback-server username
logging trap notifications
logging 172.17.40.0
dialer-list 1 protocol ip permit
tacacs-server host 172.19.98.71 key stadtdoras
snmp-server community dort_wri RW
snmp-server community stado_ro RO
snmp-server enable traps tty
radius-server host 172.19.98.71 auth-port 1812 acct-port 1813 key stadtdoras
radius-server retransmit 3
radius-server vsa send authentication
!
line con 0
 speed 19200
line aux 0
line vty 0 4
 timeout login response 300
 password admin
 absolute-timeout 3600
!
!
end
If you have any tips for me on what I am doing wrong, please don't hesitate to tell me. Thank you for your help!
06-24-2002 02:06 AM
Well, if your router crashes after the 'change password box', then it could be a bug. Have you tried alternate code to narrow down the issue? If it works using another version, then I would suggest you open a TAC case to get further help.
R/Yusuf
06-24-2002 02:40 AM
Well, the TAC told me that the only current version supporting MS-CHAP-V2 is 12.2(2) XB5. MS-CHAP-V2 is scheduled for the next major release. There is a document related to this MS-CHAP-V2 issue describing how to set up MS-CHAP-V2, and I did as explained in that document. The crash only occurs when the change password box occurs. I tried this with the demo of ACS V3.0 because we just got ACS V2.6, but I am not buying a new version if that password change feature doesn't work correctly.
06-24-2002 08:24 AM
You are running into CSCdx66244. 12.2(2)XB6 has the fix for the same.
Thanks, Mak.
06-25-2002 02:43 AM
Thanks, but I just tried to download and test 12.2(2)XB6 and noticed that there's only an XB5 release for the 3660. Maybe you can also help me with this: you gave me a problem number, but how can I find this specific problem using the number you gave me? Thank you very much!
06-25-2002 08:59 AM
Go to www.cisco.com/tac, log in, select Tool Index, select Bug Toolkit and enter the bug ID (CSCdx66244).
You can find 12.2(2)XB6 for 3660 on CCO now.
Thanks, Mak.