03-06-2007 11:49 AM - edited 03-03-2019 04:03 PM
How would I configure ISDN dialin for users on a 3640 Router?
We have a seperate server that does the auth so basically, the router must accept the connection, not auth it locally but send it on to the auth server to verify and send back to the user.
At the moment connections are working for analogue users but not ISDN users. I cannot get this working at all.
03-06-2007 10:04 PM
Hi Brad
Can you post the config over here ?
regds
03-06-2007 10:25 PM
If you can tell me which part of the config you want to see, I'll post it.
03-06-2007 10:28 PM
Hi Brad
Can you post the config of the AAA part as well as the dialer part...
regds
03-06-2007 10:54 PM
!
aaa group server radius dialin
server our.network.radius.server auth-port 1645 acct-port 1646
!
aaa authentication ppp default local
aaa authentication ppp RADIUS group dialin local
aaa session-id common
!
interface Serial1/1:15
description isdn-pri
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation ppp
dialer pool-member 1
dialer pool-member 200
isdn switch-type primary-net5
isdn incoming-voice modem
isdn calling-number 1900
peer default ip address pool dialin
no cdp enable
ppp authentication pap chap callin
!
hope this helps....
This is the ASYNC interface for Analogue users.
!
interface Group-Async1
ip unnumbered FastEthernet0/0
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation ppp
no ip mroute-cache
load-interval 30
dialer in-band
dialer idle-timeout 0
async mode interactive
peer default ip address pool dialin
ppp authentication pap chap ms-chap RADIUS
group-range 97 114
!
03-06-2007 10:08 PM
Brad,
A debug ppp authentication might give you some clues.
Are you sure it is the authentication that is broke? Have you tried configuring a local username and password?
Posting your configuration would be helpful.
Dave
03-06-2007 10:45 PM
03-06-2007 11:02 PM
Hi Brad
In your AAA Config you have the below line mentioned in your config which i feel overtakes your Radius group config..
aaa authentication ppp default local ..
do remove this line from your config and check..
Also make sure once you remove the line you have the other line mentioning the radius group available in the config..
As far as the authentication for ASYNC is concern i can see the Radius mode of authentication mentioned under the same...
I feel thats the reason your ASYNC dialin users doesnt face any issues in getting authenticated..
regds
03-06-2007 11:15 PM
We have dialers created for our client routers as isdn backup on this router as well as usernames for client routers. is that not the reason why we have that statement?
03-06-2007 11:27 PM
Hi Brad
Did you try removing as per my previous post ?
Also can you post the config of the respective dialer configs configured for the customers..
regds
03-06-2007 11:44 PM
did not remove ...are you sure it wont break the customer dial ups?
!
interface Dialer5
description customer-backup
ip address 192.168.225.185 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation ppp
no ip split-horizon
dialer pool 1
dialer remote-name cr1.customer.site
dialer idle-timeout 180
dialer-group 1
no cdp enable
ppp authentication pap
ppp chap refuse
ppp multilink bap
ppp multilink links maximum 2
ppp multilink links minimum 2
ppp multilink endpoint string customer-backup
end
!
username cr1.customer.site password
!
ip route
03-06-2007 11:55 PM
Hi Brad
If you want your remote cutsomers to get authenticated from your radius server then remove the AAA config line as well as the username /password configured in your router.
But do make sure that you have the username/password info available in your radius server so that they can get connected without any issues..
I would suggest to get the same tested with a simple test setup before implementing for a live customer.
Do create a dialer and configure it for a test dialin also create username/password credentials in the radius server for the test setup.
once you are done remove the AAA config line and try to connect to your 3640 router.
That will help you out to migrate the authentication for the customers from normal local database to Radius..
regds
03-07-2007 12:57 AM
Step 1 - Create dialer
Step 2 - create username on radius server
Step 3 - remove AAA config line
What about the dialer created on the Client router? Does that stay as is?
If the above steps work then we have no need for dialers any longer ....right?
03-07-2007 04:03 AM
Hi Brad
I did quote to do out a test setup with your own routers.
Do simulate a client config in your own test router and try connecting with that.
I have told to create new dialer for the test dial up to be done from the test router.
regds
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide