Cisco Support Community

New Member

Problem with dialer bundling channels

I have a dial-in router (3660) which external users dial into via modems or ISDN. Authentication of users is via SecurID tokens and CiscoSecure ACS. Token caching is enabled on ACS so that ISDN users can bring up a second B-channel. If one ISDN user dials in, everything is O.K. However, when the second ISDN user dials in, the dialer tries to add the second user's B-channels to the first user's, and authentication for the second user fails and the call is dropped.

Any thoughts on why this is happening? Should I be using virtual templates and dialer rotary-groups?

See partial config below:

aaa new-model
aaa authentication login default group radius local
aaa authentication login NO_RADIUS line
aaa authentication login CONSOLE none
aaa authentication ppp default if-needed group radius local
aaa authorization network default group radius
aaa accounting delay-start
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius
aaa accounting connection default start-stop group radius
interface Serial1/0:15
 no ip address
 encapsulation ppp
 dialer pool-member 1
 isdn switch-type primary-net5
 isdn incoming-voice modem
 no cdp enable
 ppp multilink
!
interface Group-Async1
 ip unnumbered FastEthernet0/0
 ip helper-address <ip address omitted>
 ip helper-address <ip address omitted>
 ip helper-address <ip address omitted>
 encapsulation ppp
 dialer in-band
 dialer idle-timeout 1200
 dialer fast-idle 180
 dialer-group 1
 async mode interactive
 peer default ip address pool MyPool
 ppp callback accept
 ppp authentication pap ms-chap
 group-range 65 94
!
interface Dialer1
 description "ISDN users come in here"
 ip unnumbered FastEthernet0/0
 ip helper-address <ip address omitted>
 ip helper-address <ip address omitted>
 ip helper-address <ip address omitted>
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 1200
 dialer fast-idle 180
 dialer-group 1
 peer default ip address pool MyPool
 no cdp enable
 ppp callback accept
 ppp authentication pap
 ppp multilink
!
ip local pool MyPool <ip address omitted> <ip address omitted>

1 REPLY
Cisco Employee

Re: Problem with dialer bundling channels

Make sure that the usernames of both users are different. Since ppp multilink is turned on, two channels will be bundled together if the same username is received during authentication. We need to see the debugs for the following to see the problem:

debug isdn q931
debug ppp nego
debug ppp authentication
debug aaa authentication
debug aaa authorization
debug aaa per

Now let the first user dial in and connect and issue "sh users", then let the second user dial in and capture the debugs for both calls and post them here.

Now you do need a virtual-template if user-specific authorization attributes are downloaded from AAA to the router.

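An added example, not part of the thread and not Cisco's code: because Multilink PPP bundles links by authenticated username, as the reply explains, the network accounting that the posted config already sends to RADIUS can be checked for one username holding concurrent links from different calling numbers. The attribute names are the standard RADIUS accounting ones; the key=value record layout, the sample values and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed accounting records (not taken from the thread).
# Layout assumption: one record per line, space-separated Attr=value pairs,
# no spaces inside values.
SAMPLE = """\
Acct-Status-Type=Start User-Name=alice Calling-Station-Id=5550101 NAS-Port=20001 Acct-Session-Id=0000A1
Acct-Status-Type=Start User-Name=alice Calling-Station-Id=5550101 NAS-Port=20002 Acct-Session-Id=0000A2
Acct-Status-Type=Start User-Name=bob Calling-Station-Id=5550102 NAS-Port=20003 Acct-Session-Id=0000A3
Acct-Status-Type=Start User-Name=alice Calling-Station-Id=5550199 NAS-Port=20004 Acct-Session-Id=0000A4
Acct-Status-Type=Stop User-Name=bob Calling-Station-Id=5550102 NAS-Port=20003 Acct-Session-Id=0000A3
"""


def parse(line):
    """Split one 'Attr=value Attr=value' record into a dict."""
    return dict(field.split("=", 1) for field in line.split())


def shared_username_alerts(text):
    """Replay Start/Stop records in order.

    Returns (username, [calling numbers]) each time a Start leaves one
    username with live links from more than one calling number. A second
    B-channel from the same caller is normal multilink and is not flagged.
    """
    live = defaultdict(dict)  # username -> {session id: calling number}
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse(line)
        user, sid = rec["User-Name"], rec["Acct-Session-Id"]
        status = rec["Acct-Status-Type"]
        if status == "Start":
            live[user][sid] = rec.get("Calling-Station-Id", "unknown")
            callers = sorted(set(live[user].values()))
            if len(callers) > 1:
                alerts.append((user, callers))
        elif status == "Stop":
            live[user].pop(sid, None)
    return alerts


if __name__ == "__main__":
    for user, callers in shared_username_alerts(SAMPLE):
        print(f"username {user!r} has live links from {callers}")
```
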