MS-CHAP-V2 and IOS 12.2.2 XB5

hbaumbach
Level 1

Hi, I am having big trouble configuring a Cisco 3660 with 4 PRIs as a dial-in server using ACS V3.0 and MS-CHAP-V2 with the password expiration feature.

Everything is fine until I set the "user will have to change password next time" switch in Win2K; when I dial in after that, the 3660 just crashes while the change password box appears on the screen of the dial-up client (NT and 2K).

This is the config of the router:

version 12.2
no parser cache
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service udp-small-servers
service tcp-small-servers
!
hostname RoutEWAHL1
!
boot system flash flash:c3660-i-mz.122-2.XB5.bin
boot system flash flash:c3660-is-mz.122-10.bin
aaa new-model
!
!
aaa authentication login default group tacacs+ line
aaa authentication enable default group tacacs+ enable
aaa authentication ppp default group radius
aaa authorization exec default group tacacs+ none
aaa authorization network default group radius
aaa accounting delay-start
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group radius
aaa session-id common
enable password pullmoll
!
username XYXYXYXXY password 0 XYXYXYXXYXY
ip subnet-zero
ip cef
!
!
no ip domain-lookup
!
isdn switch-type primary-net5
!
controller E1 1/0
 pri-group timeslots 1-31
!
controller E1 1/1
 pri-group timeslots 1-31
!
controller E1 2/0
 pri-group timeslots 1-31
!
controller E1 2/1
 pri-group timeslots 1-31
!
!
!
interface FastEthernet0/0
 ip address 172.17.2.1 255.255.0.0
 no ip mroute-cache
 duplex auto
 speed 100
!
interface Serial1/0:15
 description Rufnummer XYXYXYXY
 no ip address
 encapsulation ppp
 ip tcp header-compression
 timeout absolute 3600 0
 dialer rotary-group 1
 dialer-group 1
 isdn switch-type primary-net5
 isdn T310 4000
 compress mppc
 no cdp enable
 ppp multilink
!
interface Serial1/1:15
 description Rufnummer XYXYXYXXY
 no ip address
 encapsulation ppp
 ip tcp header-compression
 timeout absolute 3600 0
 dialer rotary-group 1
 dialer-group 1
 isdn switch-type primary-net5
 isdn T310 4000
 compress mppc
 no cdp enable
 ppp multilink
!
interface Serial2/0:15
 no ip address
 shutdown
 isdn switch-type primary-net5
 isdn T310 4000
 no cdp enable
!
interface Serial2/1:15
 no ip address
 shutdown
 isdn switch-type primary-net5
 isdn T310 4000
 no cdp enable
!
interface Dialer1
 description Interner SOPHO-Anschluss XYXYXXYXY
 ip unnumbered FastEthernet0/0
 encapsulation ppp
 ip tcp header-compression
 no ip mroute-cache
 keepalive 7200
 timeout absolute 3600 0
 dialer in-band
 dialer aaa
 dialer idle-timeout 7200
 dialer hold-queue 20
 dialer-group 1
 no peer default ip address
 compress mppc
 no cdp enable
 ppp max-bad-auth 3
 ppp callback accept
 ppp authentication ms-chap-v2 callin
 ppp multilink
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.17.1.5
ip route 172.18.178.0 255.255.255.0 172.17.1.7
ip route 172.19.98.0 255.255.255.0 172.17.1.5
ip route 191.9.0.0 255.255.0.0 172.17.1.7
ip http server
!
!
map-class dialer call-back
 dialer callback-server username
logging trap notifications
logging 172.17.40.0
dialer-list 1 protocol ip permit
tacacs-server host 172.19.98.71 key stadtdoras
snmp-server community dort_wri RW
snmp-server community stado_ro RO
snmp-server enable traps tty
radius-server host 172.19.98.71 auth-port 1812 acct-port 1813 key stadtdoras
radius-server retransmit 3
radius-server vsa send authentication
!
line con 0
 speed 19200
line aux 0
line vty 0 4
 timeout login response 300
 password admin
 absolute-timeout 3600
!
!
end

If you have any tips for me on what I am doing wrong, please don't hesitate to tell me. Thank you for your help!

5 Replies

yusuff
Cisco Employee

Well, if your router crashes after the 'change password box', then it could be a bug. Have you tried alternate code to narrow down the issue? If it works using another version, then I would suggest you open a TAC case to get further help.

R/Yusuf

Well, the TAC told me that the only current version supporting MS-CHAP-V2 is 12.2(2)XB5. MS-CHAP-V2 is scheduled for the next major release. There is a document related to this MS-CHAP-V2 issue describing how to set up MS-CHAP-V2, and I did as explained in that document. The crash only occurs when the change password box appears. I tried this with the demo of ACS V3.0 because we just got ACS V2.6, but I am not buying a new version if that password change feature doesn't work correctly.

You are running into CSCdx66244. 12.2(2)XB6 has the fix for the same.

Thanks, Mak.

Thanks, but I just tried to download and test 12.2(2)XB6 and noticed that there's only an XB5 release for the 3660. Maybe you can also help me with this: you gave me a problem number, but how can I find this specific problem using the number you gave me? Thank you very much!

Go to www.cisco.com/tac, log in, select Tool Index, select Bug Toolkit and enter the bug ID (CSCdx66244).

You can find 12.2(2)XB6 for 3660 on CCO now.

Thanks, Mak.