cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1646
Views
0
Helpful
1
Replies

Connection to AS5300 , no AAA

moiseshp
Level 1
Level 1

I have some problems and I need your help.

I have an AS5300 with AAA to RADIUS. For this DNIS the users dial 5387-2001, this is a resource to connect to internet, and I have other resource where users dial 5387-2020. This last number also has to connect to internet.

My question is how do I configure the AS5300 so that only those users who dial 5387-2020 do not need authentication?

This is my configuration.

version 12.1

no service single-slot-reload-enable

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname dialup1-mx

!

no logging console

aaa new-model

aaa authentication login default group radius

aaa authentication login no_radius enable

aaa authentication login no_consola enable

aaa authentication ppp default if-needed group radius

aaa dnis map enable

aaa dnis map 2001 authentication ppp group radius

aaa dnis map 2001 accounting network start-stop group radius

aaa dnis map 2010 authentication ppp group radius

aaa dnis map 2010 accounting network start-stop group radius

aaa dnis map 2020 authentication ppp group radius

aaa dnis map 2020 accounting network start-stop group radius

enable secret 5xxxxxxx

!

spe 1/0 1/9

firmware location flash:mica-modem-pw.2.7.3.0.bin

!

!

resource-pool enable

resource-pool call treatment resource busy

resource-pool call treatment profile no-answer

!

resource-pool group resource protel-inext

range port 1/0 1/20

!

resource-pool group resource clientes-internet

range port 1/21 1/100

!

resource-pool group resource cliente-ewi

range port 1/101 1/119

!

resource-pool profile vpdn vpdn-ewi

limit base-size all

limit overflow-size 0

vpdn group ewi-vpdn-group

!

resource-pool profile vpdn vpdn-inext

limit base-size all

limit overflow-size 0

vpdn group protel-vpdn-group

!

resource-pool profile customer protel-corporativo

limit base-size all

limit overflow-size 0

resource protel-inext speech service protel-service

dnis group vpdn-dnis-group

vpdn profile vpdn-inext

!

resource-pool profile customer internet-inext

limit base-size all

limit overflow-size 0

resource clientes-internet speech service internet-service

dnis group internet-dnis-group

!

resource-pool profile customer cliente-ewi

limit base-size all

limit overflow-size 0

resource cliente-ewi speech service ewi-service

dnis group vpdn-dnis-group-ewi

vpdn profile vpdn-ewi

!

resource-pool profile service protel-service

modem min-speed 9600 max-speed any

!

resource-pool profile service internet-service

modem min-speed 9600 max-speed any

!

resource-pool profile service ewi-service

modem min-speed 9600 max-speed any

!

clock timezone CST -6

clock summer-time CST recurring

clock calendar-valid

ip subnet-zero

ip domain-name redip.protel.net.mx

ip name-server 172.16.10.201

!

vpdn enable

vpdn source-ip xx.xx.135.220

!

vpdn-group ewi-vpdn-group-ewi

request-dialin

protocol l2tp

dnis vpdn-dnis-group-ewi

initiate-to ip x.x.189.28

local name dialup1-mx

!

vpdn-group protel-vpdn-group

request-dialin

protocol l2tp

dnis vpdn-dnis-group

initiate-to ip x.x.111.243

local name dialup1-mx

l2tp tunnel password xxxx

!

async-bootp dns-server x.x.136.1 200.52.138.230

mta receive maximum-recipients 0

!

controller E1 0

framing NO-CRC4

clock source line primary

line-termination 75-ohm

ds0-group 0 timeslots 1-15,17-31 type r2-digital r2-compelled

cas-custom 0

country telmex use-defaults

category 2

answer-signal group-b 1

description E1 via Telmex/Servicio Dialup/ Tel. 53 87 20 00

!

controller E1 1

framing NO-CRC4

clock source line secondary 1

line-termination 75-ohm

ds0-group 0 timeslots 1-15,17-31 type r2-digital r2-compelled

cas-custom 0

country telmex use-defaults

category 2

answer-signal group-b 1

description E1 via Telmex/Servicio Dialup/ Tel. 53 87 20 00

!

controller E1 2

framing NO-CRC4

clock source line secondary 2

line-termination 75-ohm

ds0-group 0 timeslots 1-15,17-31 type r2-digital r2-compelled

cas-custom 0

country telmex use-defaults

category 2

answer-signal group-b 1

description E1 via Telmex/Servicio Dialup/ Tel. 53 87 20 00

!

controller E1 3

framing NO-CRC4

clock source line secondary 3

line-termination 75-ohm

ds0-group 0 timeslots 1-15,17-31 type r2-digital r2-compelled

cas-custom 0

country telmex use-defaults

category 2

answer-signal group-b 1

description E1 via Telmex/Servicio Dialup/ Tel. 53 87 20 00

!

controller E1 4

framing NO-CRC4

clock source line secondary 4

line-termination 75-ohm

ds0-group 0 timeslots 1-15,17-31 type r2-digital r2-compelled

cas-custom 0

country telmex use-defaults

category 2

answer-signal group-b 1

description E1 via Telmex/Servicio Dialup/ Tel. 53 87 20 00

!

controller E1 5

framing NO-CRC4

clock source line secondary 5

line-termination 75-ohm

ds0-group 0 timeslots 1-15,17-31 type r2-digital r2-compelled

cas-custom 0

country telmex use-defaults

category 2

answer-signal group-b 1

description Ruta AXE pnetxp1 RP 108 EM 4

!

controller E1 6

shutdown

clock source line secondary 6

!

controller E1 7

framing NO-CRC4

clock source line secondary 7

line-termination 75-ohm

ds0-group 0 timeslots 1-15,17-31 type r2-digital r2-compelled

cas-custom 0

country telmex use-defaults

category 2

answer-signal group-b 1

description Enlace E1 via Apex /Servicio Internet/ Movil 01-800

!

!

!

!

!

interface Loopback0

no ip address

!

interface Ethernet0

no ip address

no ip route-cache

no ip mroute-cache

shutdown

no cdp enable

!

interface FastEthernet0

ip address x.x.x.220 255.255.255.192

no ip route-cache

no ip mroute-cache

duplex auto

speed auto

no cdp enable

!

interface Group-Async1

description Servicio VPDN

ip unnumbered FastEthernet0

encapsulation ppp

async default routing

async mode interactive

no snmp trap link-status

no cdp enable

ppp authentication chap

group-range 1 21

!

interface Group-Async2

ip unnumbered FastEthernet0

encapsulation ppp

async default routing

--More-- async mode interactive

no snmp trap link-status

peer default ip address pool default

no cdp enable

ppp authentication chap

group-range 22 101

!

interface Group-Async3

description Servicio VPDN-Cliente-EWI

ip unnumbered FastEthernet0

encapsulation ppp

async default routing

async mode interactive

no snmp trap link-status

no peer default ip address

no cdp enable

ppp authentication chap

group-range 102 120

!

router ospf 5

log-adjacency-changes

area 51 authentication message-digest

area 51 nssa

redistribute static subnets

network x.x.x.192 0.0.0.63 area 51

!

ip local pool default x.x.x.193 200.52.131.250

ip classless

ip route x.x.x.192 255.255.255.192 Null0

no ip http server

!

ip radius source-interface FastEthernet0

access-list 10 permit x.x.111.206

access-list 10 permit x.x.135.45

access-list 10 permit x.x.135.225

access-list 10 permit 172.16.10.4

access-list 10 permit 172.16.10.5

access-list 10 permit 172.16.10.15

access-list 10 permit 172.16.10.101

--More-- access-list 51 permit 65.125.189.28

access-list 51 deny any

access-list 71 deny any

access-list 72 permit x.x.143.99

access-list 72 deny any

access-list 101 deny 55 any any

access-list 101 deny 77 any any

access-list 101 deny pim any any

access-list 101 permit ip any any

!

Thanks

1 Reply 1

moiseshp
Level 1
Level 1

I have some problems and I need your help.

I have an AS5300 with AAA to RADIUS. For this DNIS the users dial 5387-2001, this is a resource to connect to internet, and I have other resource where users dial 5387-2020. This last number also has to connect to internet.

My question is how do I configure the AS5300 so that only those users who dial 5387-2020 do not need authentication?