Hi, i am having big trouble configuring a CISCO 3660 with 4 PRI´s as a dialin server using ACS V3.0 and MS-Chap-V2 with password expiration feature.
Everything is fine until i set the "user will have to change password next time" switch in Win2K, when i dial in after that the 3660 just crashes while the change password box appears on screen of the dialup client (NT and 2K).
This is the config of the router:
no parser cache
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
boot system flash flash:c3660-i-mz.122-2.XB5.bin
boot system flash flash:c3660-is-mz.122-10.bin
aaa authentication login default group tacacs+ line
aaa authentication enable default group tacacs+ enable
aaa authentication ppp default group radius
aaa authorization exec default group tacacs+ none
aaa authorization network default group radius
aaa accounting delay-start
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group radius
Well, if your router crashes after the 'change password box', then it could be a bug. Have you tried alternate code to narrow down the issue. If it works using another version, then i would suggest you open a TAC case to get further help.
well, the tac told me that the only current version supporting ms-chap-v2 is 12.2(2) XB5. MS-CHAP-V2 is scheduled for the next major release. There is a document related to this ms-chap-v2 issue describing how to set up ms-chap-v2, and i did as explained in that document. The crash only occurs when the change password box occurs. I tried this with the demo of ACS V3.0 because we just got ACS V2.6, but i am not buying a new version if that password change feature doesnt work correctly.
Thanks, but i just tried to download and test 12.2(2)XB6 and noticed that theres only an XB5 release for the 3660 .... and maybe you can also help me with this: you gave me a problem number, but how can i find this specific problem using the number you gave me ???? Thank you very much !
[toc:faq]The ProblemOn traditional switches whenever we have a trunk
interface we use the VLAN tag to demultiplex the VLANs. The switch needs
to determine which MAC Address table to look in for a forwarding
decision. To do this we require the switch to do...
[toc:faq]Introduction:Netdr is a tool available on a RSP720, Sup720 or
Sup32 that allows one to capture packets on the RP or SP inband. The
netdr command can be used to capture both Tx and Rx packets in the
software switching path. This is not a substitut...
IntroductionOSPF, being a link-state protocol, allows for every router
in the network to know of every link and OSPF speaker in the entire
network. From this picture each router independently runs the Shortest
Path First (SPF) algorithm to determine the b...