Re: virtual templates

schimekh · ‎09-15-2002

Hi !

could anyone please send me a template for configuring

Virtual Access Interfaces with ISDN PRI (and digital modems) -

authentication is done on a Cisco ACS.

My Problem:

*Mar 1 00:15:40: As73 PPP: Phase is AUTHENTICATING, by this end [0 sess, 0 load]

*Mar 1 00:15:40: As73 CHAP: O CHALLENGE id 1 len 24 from "RAS"

*Mar 1 00:15:40: As73 LCP: I IDENTIFY [Open] id 2 len 18 magic 0x69630DB0 MSRASV5.10

*Mar 1 00:15:40: As73 LCP: I IDENTIFY [Open] id 3 len 23 magic 0x69630DB0 MSRAS-1-H3A0322

*Mar 1 00:15:41: As73 CHAP: I RESPONSE id 1 len 29 from "schimeha"

*Mar 1 00:15:41: As73 CHAP: O SUCCESS id 1 len 4

*Mar 1 00:15:41: As73 MCB: Callback not authorized for this user schimeha

*Mar 1 00:15:41: Async73 PPP: O MCB Request(1) id 1 len 6

*Mar 1 00:15:41: Async73 MCB: O 1 1 0 6 1 2

*Mar 1 00:15:41: As73 MCB: O Request Id 1 Callback Type None

*Mar 1 00:15:41: As73 PPP: Phase is CBCP [0 sess, 0 load]

*Mar 1 00:15:42: %LINEPROTO-5-UPDOWN: Line protocol on Interface Async73, changed state to up

*Mar 1 00:15:43: As73 MCB: Timeout in state WAIT_RESPONSE

*Mar 1 00:15:43: Async73 PPP: O MCB Request(1) id 2 len 6

*Mar 1 00:15:43: Async73 MCB: O 1 2 0 6 1 2

*Mar 1 00:15:43: As73 MCB: O Request Id 2 Callback Type None

*Mar 1 00:15:43: Async73 PPP: I MCB Response(2) id 1 len 6

*Mar 1 00:15:43: Async73 MCB: I 2 1 0 6 1 2

*Mar 1 00:15:43: As73 MCB: Received response

*Mar 1 00:15:43: As73 MCB: Resp ignored. ID Expected 2, got id 1

*Mar 1 00:15:44: Async73 PPP: I MCB Response(2) id 2 len 6

*Mar 1 00:15:44: Async73 MCB: I 2 2 0 6 1 2

*Mar 1 00:15:44: As73 MCB: Received response

*Mar 1 00:15:44: As73 MCB: Response CBK-None 1 2

*Mar 1 00:15:44: Async73 PPP: O MCB Ack(3) id 3 len 6

*Mar 1 00:15:44: Async73 MCB: O 3 3 0 6 1 2

*Mar 1 00:15:44: As73 MCB: O Ack Id 3 Callback Type None

*Mar 1 00:15:44: As73 MCB: No Callback negotiated; Exit

*Mar 1 00:15:44: Vi1 PPP: Phase is DOWN, Setup [0 sess, 0 load]

*Mar 1 00:15:44: As73 IPCP: Remove route to 10.129.10.51

*Mar 1 00:15:44: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up

*Mar 1 00:15:44: Vi1 PPP: Using set call direction

*Mar 1 00:15:44: Vi1 PPP: Treating connection as a callin

*Mar 1 00:15:44: Vi1 PPP: Phase is ESTABLISHING, Passive Open [0 sess, 0 load]

*Mar 1 00:15:44: Vi1 LCP: State is Listen

*Mar 1 00:15:44: As73 PPP: Phase is FORWARDED [0 sess, 0 load]

*Mar 1 00:15:44: Vi1 LCP: I FORCED CONFREQ len 21

*Mar 1 00:15:44: Vi1 LCP: ACCM 0x000A0000 (0x0206000A0000)

*Mar 1 00:15:44: Vi1 LCP: AuthProto CHAP (0x0305C22305)

*Mar 1 00:15:44: Vi1 LCP: MagicNumber 0x075F1F3E (0x0506075F1F3E)

*Mar 1 00:15:44: Vi1 LCP: PFC (0x0702)

*Mar 1 00:15:44: Vi1 LCP: ACFC (0x0802)

*Mar 1 00:15:44: As73 PPP: Phase is TERMINATING [0 sess, 0 load]

*Mar 1 00:15:44: As73 LCP: O TERMREQ [Open] id 3 len 4

*Mar 1 00:15:44: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to down

*Mar 1 00:15:44: Vi1 LCP: State is Closed

*Mar 1 00:15:44: Vi1 PPP: Phase is DOWN [0 sess, 0 load]

*Mar 1 00:15:45: %LINEPROTO-5-UPDOWN: Line protocol on Interface Async73, changed state to down

Thanks a lot

Hans

makchitale · ‎09-15-2002

This should help : http://www.cisco.com/warp/public/793/access_dial/basicradius.shtml

If users still have issues when connecting, pls refer to the debug & show commands section in the doc.

Thanks, Mak.

schimekh · ‎09-15-2002

Hi !

Do you think, it`s a RADIUS problem ?

Now I get the following errors: (below I also added my config)

Sep 15 18:59:06: %ISDN-6-CONNECT: Interface Serial1/0:9 is now connected to 436765400458

Sep 15 18:59:12: %ISDN-6-CONNECT: Interface Serial1/0:9 is now connected to 436765400458

Sep 15 18:59:23: As83 LCP: I CONFREQ [Closed] id 0 len 23

Sep 15 18:59:23: As83 LCP: ACCM 0x00000000 (0x020600000000)

Sep 15 18:59:23: As83 LCP: MagicNumber 0x592861B0 (0x0506592861B0)

Sep 15 18:59:23: As83 LCP: PFC (0x0702)

Sep 15 18:59:23: As83 LCP: ACFC (0x0802)

Sep 15 18:59:23: As83 LCP: Callback 6 (0x0D0306)

Sep 15 18:59:23: As83 LCP: Lower layer not up, Fast Starting

Sep 15 18:59:23: As83 PPP: Treating connection as a callin

Sep 15 18:59:23: As83 PPP: Phase is ESTABLISHING, Passive Open [0 sess, 0 load]

Sep 15 18:59:23: As83 LCP: State is Listen

Sep 15 18:59:23: As83 LCP: O CONFREQ [Listen] id 1 len 25

Sep 15 18:59:23: As83 LCP: ACCM 0x000A0000 (0x0206000A0000)

Sep 15 18:59:23: As83 LCP: AuthProto CHAP (0x0305C22305)

Sep 15 18:59:23: As83 LCP: MagicNumber 0x07D9FC5C (0x050607D9FC5C)

Sep 15 18:59:23: As83 LCP: PFC (0x0702)

Sep 15 18:59:23: As83 LCP: ACFC (0x0802)

Sep 15 18:59:23: As83 LCP: O CONFACK [Listen] id 0 len 23

Sep 15 18:59:23: As83 LCP: ACCM 0x00000000 (0x020600000000)

Sep 15 18:59:23: As83 LCP: MagicNumber 0x592861B0 (0x0506592861B0)

Sep 15 18:59:23: As83 LCP: PFC (0x0702)

Sep 15 18:59:23: As83 LCP: ACFC (0x0802)

Sep 15 18:59:23: As83 LCP: Callback 6 (0x0D0306)

Sep 15 18:59:23: %LINK-3-UPDOWN: Interface Async83, changed state to up

Sep 15 18:59:23: As83 DDR: Dialer statechange to up

Sep 15 18:59:23: As83 DDR: Dialer received incoming call from

Sep 15 18:59:24: As83 LCP: I CONFACK [ACKsent] id 1 len 25

Sep 15 18:59:24: As83 LCP: ACCM 0x000A0000 (0x0206000A0000)

Sep 15 18:59:24: As83 LCP: AuthProto CHAP (0x0305C22305)

Sep 15 18:59:24: As83 LCP: MagicNumber 0x07D9FC5C (0x050607D9FC5C)

Sep 15 18:59:24: As83 LCP: PFC (0x0702)

Sep 15 18:59:24: As83 LCP: ACFC (0x0802)

Sep 15 18:59:24: As83 LCP: State is Open

Sep 15 18:59:24: As83 PPP: Phase is AUTHENTICATING, by this end [0 sess, 0 load]

Sep 15 18:59:24: As83 CHAP: O CHALLENGE id 1 len 24 from "RAS"

Sep 15 18:59:24: As83 LCP: I IDENTIFY [Open] id 1 len 18 magic 0x592861B0 MSRASV5.10

Sep 15 18:59:24: As83 LCP: I IDENTIFY [Open] id 2 len 23 magic 0x592861B0 MSRAS-1-H3A0322

Sep 15 18:59:25: As83 CHAP: I RESPONSE id 1 len 29 from "schimeha"

Sep 15 18:59:26: As83 CHAP: O SUCCESS id 1 len 4

Sep 15 18:59:26: As83 DDR: Authenticated host schimeha with no matching dialer map

Sep 15 18:59:26: As83 MCB: Callback not authorized for this user schimeha

Sep 15 18:59:26: Async83 PPP: O MCB Request(1) id 1 len 6

Sep 15 18:59:26: Async83 MCB: O 1 1 0 6 1 2

Sep 15 18:59:26: As83 MCB: O Request Id 1 Callback Type None

Sep 15 18:59:26: As83 PPP: Phase is CBCP [0 sess, 0 load]

Sep 15 18:59:26: Async83 PPP: I MCB Response(2) id 1 len 6

Sep 15 18:59:26: Async83 MCB: I 2 1 0 6 1 2

Sep 15 18:59:26: As83 MCB: Received response

Sep 15 18:59:26: As83 MCB: Response CBK-None 1 2

Sep 15 18:59:26: Async83 PPP: O MCB Ack(3) id 2 len 6

Sep 15 18:59:26: Async83 MCB: O 3 2 0 6 1 2

Sep 15 18:59:26: As83 MCB: O Ack Id 2 Callback Type None

Sep 15 18:59:26: As83 MCB: No Callback negotiated; Exit

Sep 15 18:59:26: Vt1 VTEMPLATE: (Pre)cloning vaccess from recycle queue

Sep 15 18:59:26: Vi1 PPP: Phase is DOWN, Setup [0 sess, 0 load]

Sep 15 18:59:26: Vi1 VTEMPLATE: Has a new cloneblk vtemplate, now it has vtemplate

Sep 15 18:59:26: Vi1 VTEMPLATE: ************* CLONE VACCESS1 *****************

Sep 15 18:59:26: Vi1 VTEMPLATE: Clone from Virtual-Template1

interface Virtual-Access1

default ip address

no ip address

encap ppp

ip unnumbered fa 0/0

no ip address

ip unnumbered loopback 1

ip unnumbered fa 0/0

no ip directed-broadcast

no keepalive

ip unnumbered fa 0/0

no ip directed-broadcast

no snmp trap link-status

end

Sep 15 18:59:26: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up

Sep 15 18:59:26: Vi1 PPP: Using set call direction

Sep 15 18:59:26: Vi1 PPP: Treating connection as a callin

Sep 15 18:59:26: Vi1 PPP: Phase is ESTABLISHING, Passive Open [0 sess, 0 load]

Sep 15 18:59:26: Vi1 LCP: State is Listen

Sep 15 18:59:26: As83 PPP: Phase is FORWARDED [0 sess, 0 load]

Sep 15 18:59:26: Vi1 LCP: I FORCED CONFREQ len 21

Sep 15 18:59:26: Vi1 LCP: ACCM 0x000A0000 (0x0206000A0000)

Sep 15 18:59:26: Vi1 LCP: AuthProto CHAP (0x0305C22305)

Sep 15 18:59:26: Vi1 LCP: MagicNumber 0x07D9FC5C (0x050607D9FC5C)

Sep 15 18:59:26: Vi1 LCP: PFC (0x0702)

Sep 15 18:59:26: Vi1 LCP: ACFC (0x0802)

Sep 15 18:59:26: Vi1 VTEMPLATE: Free vaccess

Sep 15 18:59:26: As83 PPP: Phase is TERMINATING [0 sess, 0 load]

Sep 15 18:59:26: As83 LCP: O TERMREQ [Open] id 2 len 4

Sep 15 18:59:26: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to down

Sep 15 18:59:26: Vi1 VTEMPLATE: Try to free a freed vaccess

Sep 15 18:59:26: Vi1 LCP: State is Closed

Sep 15 18:59:26: Vi1 PPP: Phase is DOWN [0 sess, 0 load]

Sep 15 18:59:26: VTEMPLATE: Clean up dirty vaccess queue, size 1

Sep 15 18:59:26: Vi1 VTEMPLATE: Found a dirty vaccess clone with vtemplate

Sep 15 18:59:26: Vi1 VTEMPLATE: ************ UNCLONE VACCESS1 **************

Sep 15 18:59:26: Vi1 VTEMPLATE: Unclone to-be-freed command#11

interface Virtual-Access1

default snmp trap link-status

default ip directed-broadcast

default ip unnumbered fa 0/0

default keepalive

default ip directed-broadcast

default ip unnumbered fa 0/0

default ip unnumbered loopback 1

default ip address

default ip unnumbered fa 0/0

default encap ppp

default ip address

end

Sep 15 18:59:26: Vi1 VTEMPLATE: Remove cloneblk vtemplate with vtemplate

Sep 15 18:59:26: Vi1 VTEMPLATE: Set default settings with no ip address

Sep 15 18:59:26: Vi1 VTEMPLATE: Add vaccess to recycle queue, queue size 1

Sep 15 18:59:28: As83 LCP: TIMEout: State TERMsent

Sep 15 18:59:28: As83 LCP: O TERMREQ [TERMsent] id 3 len 4

Sep 15 18:59:29: %ISDN-6-DISCONNECT: Interface Serial1/0:9 disconnected from 436765400458 , call lasted 22 seconds

Sep 15 18:59:30: As83 LCP: TIMEout: State TERMsent

Sep 15 18:59:30: As83 LCP: State is Closed

Sep 15 18:59:30: As83 PPP: Phase is DOWN [0 sess, 0 load]

Sep 15 18:59:30: As83 PPP: Phase is ESTABLISHING, Passive Open [0 sess, 0 load]

Sep 15 18:59:30: As83 LCP: State is Listen

Sep 15 18:59:32: As83 LCP: TIMEout: State Listen

Sep 15 18:59:32: As83 LCP: O CONFREQ [Listen] id 4 len 25

Sep 15 18:59:32: As83 LCP: ACCM 0x000A0000 (0x0206000A0000)

Sep 15 18:59:32: As83 LCP: AuthProto CHAP (0x0305C22305)

Sep 15 18:59:32: As83 LCP: MagicNumber 0x07DA2003 (0x050607DA2003)

Sep 15 18:59:32: As83 LCP: PFC (0x0702)

Sep 15 18:59:32: As83 LCP: ACFC (0x0802)

Sep 15 18:59:32: %LINK-5-CHANGED: Interface Async83, changed state to reset

Sep 15 18:59:32: As83 LCP: State is Closed

Sep 15 18:59:32: As83 PPP: Phase is DOWN [0 sess, 0 load]

Sep 15 18:59:37: %LINK-3-UPDOWN: Interface Async83, changed state to down

Sep 15 18:59:37: As83 LCP: State is Closed

Sep 15 18:59:47: As83 DDR: re-enable timeout

running-config:

version 12.2

service timestamps debug datetime

service timestamps log datetime

service password-encryption

!

hostname RAS

aaa new-model

aaa authentication login NO_AUTH line local

aaa authentication ppp default group tacacs+

aaa authorization network default group tacacs+

!

memory-size iomem 15

modem country mica austria

ip subnet-zero

!

no ip domain-lookup

!

ip dhcp-server 10.249.20.7

virtual-profile virtual-template 1

virtual-profile aaa

async-bootp dns-server 10.249.20.5 10.249.20.7

async-bootp nbns-server 10.249.20.5 10.249.20.7

isdn switch-type primary-net5

isdn voice-call-failure 0

chat-script reset "" at&fx3 "OK"

chat-script CALLBACK ABORT ERROR ABORT BUSY "" "AT" OK "ATDT \T" TIMEOUT 30 CONNECT \c

chat-script offhook "" "ATH1" OK

!

controller E1 1/0

pri-group timeslots 1-31

description ISDN-Line for DialIn

!

interface FastEthernet0/0

ip address 10.129.10.2 255.255.255.0

ip helper-address 10.249.20.7

no ip route-cache

no ip mroute-cache

duplex auto

speed auto

!

interface Serial1/0:15

description ISDN-Line for DialIn

no ip address

encapsulation ppp

no ip route-cache

dialer idle-timeout 600

dialer-group 1

isdn switch-type primary-net5

isdn incoming-voice modem

isdn T321 0

peer default ip address pool dial

no fair-queue

no cdp enable

ppp authentication chap pap ms-chap

!

interface Virtual-Template1

ip unnumbered FastEthernet0/0

no keepalive

no snmp trap link-status

peer default ip address pool dial

ppp authentication chap pap ms-chap

ppp multilink

!

interface Group-Async1

description Asyn Interface Remoteeinwahl

ip unnumbered FastEthernet0/0

encapsulation ppp

ip tcp header-compression passive

no ip mroute-cache

dialer in-band

dialer idle-timeout 600

dialer-group 1

async mode dedicated

peer default ip address pool dial

ppp callback accept

ppp authentication chap pap ms-chap

group-range 65 92

!

router ospf 1

log-adjacency-changes

redistribute connected subnets

redistribute static

network 10.129.10.0 0.0.0.255 area 0

network 10.129.250.0 0.0.0.3 area 0

network 10.129.250.4 0.0.0.3 area 0

network 10.129.250.8 0.0.0.3 area 0

!

ip local pool dial 10.129.10.10 10.129.10.60

ip classless

!

dialer-list 1 protocol ip permit

tacacs-server host 10.129.7.140

tacacs-server key *********

radius-server host 10.249.20.9 auth-port 1645 acct-port 1646

radius-server retransmit 3

line con 0

exec-timeout 0 0

password 7 100F0D1C13161606050A69

login authentication NO_AUTH

line 65 94

script modem-off-hook offhook

script callback CALLBACK

refuse-message ^CCC No Modems availble ^C

modem InOut

modem autoconfigure type initstring

rotary 1

transport preferred telnet

transport input all

autoselect during-login

autoselect ppp

callback forced-wait 5

line aux 0

password 7 064707724B0D1B1610031719

transport input all

line vty 0 4

exec-timeout 30 0

password 7 0247005E1D070B2C45404A

login authentication NO_AUTH

!

makchitale · ‎09-15-2002

Please add "ppp callback accept" under the virtual-template 1.

Thanks, Mak.

schimekh · ‎09-16-2002

I added "callback accept" - but no effect !

ISDN callers are authenticated successfully - but analog calls are disconnected ! LCP and PPP does NOT come up !

BUT if calls are authenticated against RADIUS (Windows NT Domain) - without using these Virtual Templates - Users are successfully registered on the network !

I do NOT have any idea anymore !

thx

hans

mljohnson · ‎09-17-2002

Try adding PPP multilink to the group-async interface. It's currently not under the group-async, but it is under the virtual-template. I think this "disagreement" on the part of the two interfaces is causing the disconnect.