https://community.cisco.com/t5/network-access-control/as5300-login-problems-with-aaa/m-p/57558#M1580 <HTML><HEAD></HEAD><BODY><P>Is there a way to make the post terminal window go away automatically after ppp is negotiated successfully?</P></BODY></HTML> Fri, 15 Feb 2002 13:26:17 GMT michelle.andersen 2002-02-15T13:26:17Z https://community.cisco.com/t5/network-access-control/as5300-login-problems-with-aaa/m-p/57554#M1567 <P>I have gotten my dialup to work, however I am confused on my AAA configuration. I am using the following:</P><P></P><P>aaa authentication login SECURE group radius local</P><P>aaa authentication login NO_AUTHEN none</P><P>aaa authentication login LOCAL line</P><P>aaa authentication ppp default if-needed group radius local</P><P>aaa authentication ppp SECURE if-needed group radius local</P><P>aaa authorization network default group radius local</P><P>aaa authorization network SECURE group radius local</P><P></P><P>The SECURE is what is applied to my lines. </P><P>Radius passes off to a Cisco Secure ACS database, and hands off to SDI token card server.</P><P></P><P>The problem is when I dial in and passthrough the authentication to radius it leaves me at the router prompt. At which poing I need to enter PPP and close my dialup terminal to be authenticated to the network. I'd like to avoid that final process and after passing authentication have the terminal initiate the ppp automatically.</P><P></P><P>I have tried changes like removing the login, it's my understanding that if access to the EXEC prompt isn't neccesary the login option isn't needed. When removed however, all authentication fails.</P><P></P><P>What advice do you have?</P> Fri, 21 Feb 2020 17:58:12 GMT https://community.cisco.com/t5/network-access-control/as5300-login-problems-with-aaa/m-p/57554#M1567 vvvmell 2020-02-21T17:58:12Z https://community.cisco.com/t5/network-access-control/as5300-login-problems-with-aaa/m-p/57555#M1570 <HTML><HEAD></HEAD><BODY><P>Try using the autocommand on the lines.</P><P></P><P>line 1 96</P><P> autocommand ppp</P><P></P><P>Thanks anyways.</P></BODY></HTML> Fri, 16 Nov 2001 06:17:09 GMT https://community.cisco.com/t5/network-access-control/as5300-login-problems-with-aaa/m-p/57555#M1570 vvvmell 2001-11-16T06:17:09Z https://community.cisco.com/t5/network-access-control/as5300-login-problems-with-aaa/m-p/57556#M1572 <HTML><HEAD></HEAD><BODY><P>What configuration have you setup on your Group-Async interface. Have you included "async mode interactive" and also what is set up on the line configuration for ppp auth? I have include the a sample of what your configuration may include.</P><P></P><P>!</P><P>aaa new-model</P><P>aaa authentication login default group radius local</P><P>aaa authentication ppp default group radius local</P><P>aaa authorization exec default group radius local</P><P>aaa authorization network default group radius local</P><P>aaa accounting exec default start-stop group radius</P><P>aaa accounting network default start-stop group radius</P><P>!</P><P>!</P><P>interface Virtual-Template1</P><P> ip unnumbered Loopback0</P><P> no ip route-cache</P><P> keepalive 20</P><P> timeout absolute 35790 0</P><P> ppp authentication chap</P><P> ppp multilink</P><P> ppp timeout idle 0</P><P>!</P><P>!</P><P>interface Group-Async1</P><P> ip unnumbered Loopback0</P><P> encapsulation ppp</P><P> no ip mroute-cache</P><P> timeout absolute 35790 0</P><P> dialer in-band</P><P> dialer idle-timeout 0</P><P> async dynamic address</P><P> async mode interactive</P><P> no peer default ip address</P><P> no fair-queue</P><P> no cdp enable</P><P> ppp authentication chap</P><P> ppp multilink</P><P> group-range 1 120</P><P>!</P><P>!</P><P>line 1 120</P><P> session-timeout 35791 </P><P> exec-timeout 0 0</P><P> login authentication dialin_exec</P><P> modem InOut</P><P> transport input all</P><P> autoselect during-login</P><P> autoselect ppp</P><P>!</P><P>!</P></BODY></HTML> Thu, 14 Feb 2002 21:01:17 GMT https://community.cisco.com/t5/network-access-control/as5300-login-problems-with-aaa/m-p/57556#M1572 trenth 2002-02-14T21:01:17Z https://community.cisco.com/t5/network-access-control/as5300-login-problems-with-aaa/m-p/57557#M1574 <HTML><HEAD></HEAD><BODY><P>"autocommand ppp nego" OR "autocommand ppp" will prevent the router to display the router prompt. That will make the router start the ppp right-a-way after successful authentication..Tejal</P></BODY></HTML> Fri, 15 Feb 2002 00:59:58 GMT https://community.cisco.com/t5/network-access-control/as5300-login-problems-with-aaa/m-p/57557#M1574 tepatel 2002-02-15T00:59:58Z https://community.cisco.com/t5/network-access-control/as5300-login-problems-with-aaa/m-p/57558#M1580 <HTML><HEAD></HEAD><BODY><P>Is there a way to make the post terminal window go away automatically after ppp is negotiated successfully?</P></BODY></HTML> Fri, 15 Feb 2002 13:26:17 GMT https://community.cisco.com/t5/network-access-control/as5300-login-problems-with-aaa/m-p/57558#M1580 michelle.andersen 2002-02-15T13:26:17Z https://community.cisco.com/t5/network-access-control/as5300-login-problems-with-aaa/m-p/57559#M1588 <HTML><HEAD></HEAD><BODY><P>Nope..There is no automatic way to make the terminal window go away. With terminal window, control is given back to user..And user has to "click" to move forward. Now you can write some special "software script" which can automate that...Thx..Tejal</P></BODY></HTML> Sat, 16 Feb 2002 06:27:13 GMT https://community.cisco.com/t5/network-access-control/as5300-login-problems-with-aaa/m-p/57559#M1588 tepatel 2002-02-16T06:27:13Z