ACS 3.3 (Dial Up access Problem)

gsjuguilon
Level 1

I have an existing ACS 2.X. We are using a 2610 router for the dial up access. All dial up access is working.

When I set up a new machine for the new ACS 3.3 and changed the tacacs server host IP, I could not make the dial up connections work. What seems to be wrong?

Listed below is the configuration of the router.

Building configuration...

Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname fwdialup
!
aaa new-model
aaa authentication login default tacacs+
aaa authentication login no_tacacs enable
aaa authentication ppp default tacacs+
aaa authentication ppp tacacs+ if-needed
aaa authorization exec default tacacs+
aaa authorization network default tacacs+
aaa accounting exec default start-stop tacacs+
aaa accounting network default start-stop tacacs+
enable secret 5
enable password 7
!
username anton
username michelle
memory-size iomem 20
clock timezone EST 8
ip subnet-zero
!
!
!
!
!
interface Ethernet0/0
 ip address 192.168.30.20 255.255.255.0
 ip helper-address 172.16.1.21
 no ip directed-broadcast
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface Group-Async1
 ip unnumbered Ethernet0/0
 no ip directed-broadcast
 encapsulation ppp
 async dynamic routing
 async mode interactive
 peer default ip address pool dialup
 no cdp enable
 ppp authentication chap
 group-range 33 48
!
ip local pool dialup 192.168.30.41 192.168.30.56
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0/0
ip route 172.16.0.0 255.255.0.0 192.168.30.1
ip route 172.18.0.0 255.255.0.0 192.168.30.1
ip route 192.9.201.0 255.255.255.0 192.168.30.1
no ip http server
!
tacacs-server host 192.168.30.2 single-connection
tacacs-server key itnidworks
snmp-server engineID local xxxx
snmp-server community public RO
snmp-server community private RW
!
line con 0
 password 7
 login authentication no_tacacs
 transport input none
line 33 48
 exec-timeout 0 0
 autoselect ppp
 script dialer cisco-default
 modem InOut
 autocommand ppp
 transport input all
 stopbits 1
 flowcontrol hardware
line aux 0
line vty 0 4
 password 7
!
end

1 Reply

Richard Burts
Hall of Fame

With the information that you have provided it is difficult to know what is wrong. Several possibilities that occur to me would include:

- is it possible that the IP address in the config is not the correct address of the new server?

- is it possible that the tacacs key in the config is not the same as the key defined on the new server?

- is it possible that the new server does not recognize requests coming from this router at address 192.168.30.20?

- were the dial access users defined in a particular group on the old server and are they defined the same way on the new server?

It seems to me that a good place to start is with the logs and/or the ACS reports on the new server. Does the new server recognize the authentication requests from the router? If the server saw the request does it think that it authorized it? If the server did see the request but did not authorize it what does it have in the failed attempts report?

Tell us these things and we may be closer to finding the solution.

HTH

Rick

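The first three checks in the reply above (server address, shared key, and whether the server knows this router as a client), written out as an added example that is not part of the original thread. The `client_entry` dictionary is a hypothetical stand-in for the AAA client record on the new server, and the sample config is constructed from the TACACS+ lines of the posted config; it assumes no `ip tacacs source-interface` is set, as in that config.

```python
import re

# Constructed sample: the TACACS+-relevant lines of the router config in the post.
ROUTER_CONFIG = """\
hostname fwdialup
interface Ethernet0/0
 ip address 192.168.30.20 255.255.255.0
tacacs-server host 192.168.30.2 single-connection
tacacs-server key itnidworks
"""

def parse_router(config):
    """Pull out the values the AAA server has to agree with."""
    info = {"hosts": [], "key": None, "key_encrypted": False, "addresses": []}
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"tacacs-server host (\S+)", line):
            info["hosts"].append(m.group(1))
        elif m := re.match(r"tacacs-server key (?:(7) )?(.+)", line):
            # A leading "7" means the key is stored obfuscated, not in cleartext.
            info["key_encrypted"] = m.group(1) is not None
            info["key"] = m.group(2)
        elif m := re.match(r"ip address (\d+\.\d+\.\d+\.\d+) ", line):
            info["addresses"].append(m.group(1))
    return info

def check(router, server_ip, client_entry):
    """Compare router settings with the server's address and its client record.

    client_entry is a hypothetical dict: {"ip": ..., "key": ..., "protocol": ...}.
    Returns a list of mismatches; an empty list means the three checks pass.
    """
    problems = []
    if server_ip not in router["hosts"]:
        problems.append("router does not point at the server's address")
    if client_entry["ip"] not in router["addresses"]:
        problems.append("server's client entry is not an address on this router")
    if "tacacs+" not in client_entry["protocol"].lower():
        problems.append("client entry is not set to TACACS+")
    if router["key_encrypted"]:
        problems.append("key is type 7 in the config; compare the cleartext by hand")
    elif router["key"] != client_entry["key"]:
        problems.append("shared key differs between router and server")
    return problems
```

An empty result only rules out these configuration mismatches; the group question and the failed attempts report still have to be checked on the server itself.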