Hello, I am still trying to implement a CISCO 3660 with four E1 lines as RAS-Server for NT/W2K Dialup-Users. Everything works fine, except the new MS-CHAP-V2 Password change feature which is also supported by Cisco ACS V3.0. The problem still resides, that if I select the "User must change password next logon" box the dialup-user sees the dialogue telling him to change the password, but the password is not send to the ACS Server and changed in the W2K User-Database. I was told that IOS 12.2.2 XB6 will support this and clear the crash bug which was in XB5. The crash bug is fixed, but you still cannot change the Dialup-Password. I also found a document that this is still not supported in XB6. Can someone from Cisco tell me when this feature will work correctly ???
This is a debug trace from the Router and some notes which i found in bug-tool:
16:01:38: %LINK-3-UPDOWN: Interface Serial1/0:0, changed state to up
16:01:38: Se1/0:0 EVT: Cstate  4 0x812BCF18
16:01:38: Se1/0:0 PPP: Treating connection as a callin
16:01:38: Se1/0:0 PPP: Phase is ESTABLISHING, Passive Open
16:01:38: Se1/0:0 LCP: State is Listen
16:01:40: Se1/0:0 EVT: Packet  1 0x810478FC
16:01:40: Se1/0:0 LCP: I CONFREQ [Listen] id 0 len 13
16:01:223338299392: %LINK-3-UPDOWN: Interface Serial1/0:0, changed state to down
16:01:52: Se1/0:0 EVT: Cstate  0 0x812BCF18
16:01:52: Se1/0:0 LCP: State is Closed
16:01:52: Se1/0:0 PPP: Phase is DOWN
CSCdw77166 Bug Details
The test will verify the support of version 2 of Microsoft's PPP CHAP dialect,
called MSCHAPv2 on Cisco routers by examining the output of various show and debug commands, as well as verifying successful authentication and rejection via local method as well as via MS-IAS RADIUS server. In these IOS images,MSCHAPv2 authentication protocol is not wroking properly and the required debugs are not collected while making a call.
ppp authentication ms-chap-v2 is configured in the UUT.
The list below contains all of the versions that are affected by this bug:
This document gives several answers on frequently asked questions for PFRv3 channel state behavior.
Q1: What are all the channel operational states from a BR (border role) perspective and what are the rules/conditions to be in each st...
The need was to reach an host inside a LAN through a VPN connection managed by the LAN gateway (Cisco 1921).
The LAN gateway performs NAT and there was a dedicate nat rule for the host i wanted to reach through VPN.
I couldn't connect to the hos...
We have 3 identical switches configured by someone else and would like to claim some of the Gigabit ports(G1/G2/G3/G4) for use on servers. When we try to change the wiring and configuration, we run in to connectivity issues. Attached is a des...