We use TAC AAA and that TAC box points to our Active directory for authentication. Only some users our having this issue and We have verified that those users are apart of the same group as users who are able to connect.
Nov 8 09:22:02 EST: As3/23 PPP: Using dialer call direction
Nov 8 09:22:02 EST: As3/23 PPP: Treating connection as a callin
Nov 8 09:22:02 EST: As3/23 PPP: Authorization required
Nov 8 09:22:02 EST: As3/23 DDR: Dialer statechange to up
Nov 8 09:22:02 EST: As3/23 DDR: Dialer received incoming call from <unknown>
Nov 8 09:22:03 EST: As3/23 MS-CHAP-V2: O CHALLENGE id 3 len 37 from "lclas5400d-on.ca"
Nov 8 09:22:03 EST: As3/23 MS-CHAP-V2: I RESPONSE id 3 len 61 from "bwillco"
Nov 8 09:22:03 EST: As3/23 PPP: Sent MSCHAP_V2 LOGIN Request
Nov 8 09:22:03 EST: As3/23 PPP: Received LOGIN Response FAIL
Nov 8 09:22:03 EST: As3/23 MS-CHAP-V2: O FAILURE id 3 len 13 msg is "E=691 R=0"
Workaround: Do not use EAP. Rather, use CHAP, PAP, or MSCHAP, or configure EAP to authenticate locally by entering the ppp eap local command. Doing so requires AAA to be configured to authenticate PPP locally and the users that must be authenticated to be defined locally.
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...