RE: Callback with tacacs+

From: Tony Schaffran (groupstudy@cconlinelabs.com)
Date: Tue Jul 27 2004 - 21:05:18 GMT-3

• Next message: Vazman@aol.com: "Re: Callback with tacacs+"
• Previous message: Phil: "Re: Callback with tacacs+"
• Maybe in reply to: Peng Zheng: "Callback with tacacs+"
• Next in thread: Vazman@aol.com: "Re: Callback with tacacs+"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

It looks like you are missing some things from your config.

For starters, I do not see on your callback server config, the AAA
authentication portion. You have AAA configured, but I do not see in your
ISDN config where you are using it. It looks like you are using a username
config for authentication.

Refer to the config I sent you and you will see.

Tony Schaffran
Network Analyst
CCIE #11071
CCNP, CCNA, CCDA,
NNCDS, NNCSS, CNE, MCSE
 
www.cconlinelabs.com
Your #1 choice for online Cisco rack rentals.
 

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Peng
Zheng
Sent: Tuesday, July 27, 2004 4:25 PM
To: ccielab@groupstudy.com
Subject: Callback with tacacs+

Configure R1-R3, R3 will callback R1 through tacacs+
authentication and authorization.

Config on R1:

hostname r1
!
!
username r3 password 0 CISCO
interface BRI0
 ip address 192.168.45.4 255.255.255.0
 encapsulation ppp
 dialer map ip 192.168.45.5 name r3 broadcast
4082222222
 dialer-group 1
 isdn switch-type basic-ni
 isdn spid1 40811111111
 isdn spid2 40811111112
 ppp callback request
 ppp authentication chap
 ppp multilink
 multilink min-links 2
dialer-list 1 protocol ip permit

Config on R3:

hostname r3
!
aaa new-model
aaa authentication ppp default group tacacs+ local
aaa authorization network default group tacacs+ local
!
username r1 callback-dialstring 4081111111 password 0
CISCO

interface Ethernet0
 ip address 192.168.1.3 255.255.255.0
interface BRI0
 ip address 192.168.45.5 255.255.255.0
 encapsulation ppp
 dialer-group 1
 isdn switch-type basic-ni
 isdn spid1 40822222221
 isdn spid2 40822222222
 cdapi buffers regular 0
 cdapi buffers raw 0
 cdapi buffers large 0
 ppp callback accept
 ppp authentication chap
 ppp multilink
 multilink min-links 2
dialer-list 1 protocol ip permit
!
tacacs-server host 192.168.1.2 key cisco

On tacacs+ server, I configured user r1 with
callback-string, Assigned by dialup client, PPP IP,
PPP LCP and PPP multilink

R3 did callback, but disconnect immediately. I got:

01:13:45: %ISDN-6-DISCONNECT: Interface BRI0:1
disconnected from 4081111111 r1,
 call lasted 2 seconds
01:13:45: %LINK-3-UPDOWN: Interface BRI0:1, changed
state to down

Any suggestion?

                
__________________________________
Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.
http://promotions.yahoo.com/new_mail

• Next message: Vazman@aol.com: "Re: Callback with tacacs+"
• Previous message: Phil: "Re: Callback with tacacs+"
• Maybe in reply to: Peng Zheng: "Callback with tacacs+"
• Next in thread: Vazman@aol.com: "Re: Callback with tacacs+"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Aug 01 2004 - 10:12:04 GMT-3