09-17-2003 05:44 PM - edited 03-10-2019 07:29 AM
I have some problems and I need your help.
I have an AS5300 with AAA to RADIUS. For this DNIS the users dial 5387-2001, this is a resource to connect to internet, and I have other resource where users dial 5387-2020. This last number also has to connect to internet.
My question is how do I configure the AS5300 so that only those users who dial 5387-2020 do not need authentication?
This is my configuration.
version 12.1
no service single-slot-reload-enable
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname dialup1-mx
!
no logging console
aaa new-model
aaa authentication login default group radius
aaa authentication login no_radius enable
aaa authentication login no_consola enable
aaa authentication ppp default if-needed group radius
aaa dnis map enable
aaa dnis map 2001 authentication ppp group radius
aaa dnis map 2001 accounting network start-stop group radius
aaa dnis map 2010 authentication ppp group radius
aaa dnis map 2010 accounting network start-stop group radius
aaa dnis map 2020 authentication ppp group radius
aaa dnis map 2020 accounting network start-stop group radius
enable secret 5xxxxxxx
!
spe 1/0 1/9
firmware location flash:mica-modem-pw.2.7.3.0.bin
!
!
resource-pool enable
resource-pool call treatment resource busy
resource-pool call treatment profile no-answer
!
resource-pool group resource protel-inext
range port 1/0 1/20
!
resource-pool group resource clientes-internet
range port 1/21 1/100
!
resource-pool group resource cliente-ewi
range port 1/101 1/119
!
resource-pool profile vpdn vpdn-ewi
limit base-size all
limit overflow-size 0
vpdn group ewi-vpdn-group
!
resource-pool profile vpdn vpdn-inext
limit base-size all
limit overflow-size 0
vpdn group protel-vpdn-group
!
resource-pool profile customer protel-corporativo
limit base-size all
limit overflow-size 0
resource protel-inext speech service protel-service
dnis group vpdn-dnis-group
vpdn profile vpdn-inext
!
resource-pool profile customer internet-inext
limit base-size all
limit overflow-size 0
resource clientes-internet speech service internet-service
dnis group internet-dnis-group
!
resource-pool profile customer cliente-ewi
limit base-size all
limit overflow-size 0
resource cliente-ewi speech service ewi-service
dnis group vpdn-dnis-group-ewi
vpdn profile vpdn-ewi
!
resource-pool profile service protel-service
modem min-speed 9600 max-speed any
!
resource-pool profile service internet-service
modem min-speed 9600 max-speed any
!
resource-pool profile service ewi-service
modem min-speed 9600 max-speed any
!
clock timezone CST -6
clock summer-time CST recurring
clock calendar-valid
ip subnet-zero
ip domain-name redip.protel.net.mx
ip name-server 172.16.10.201
!
vpdn enable
vpdn source-ip xx.xx.135.220
!
vpdn-group ewi-vpdn-group-ewi
request-dialin
protocol l2tp
dnis vpdn-dnis-group-ewi
initiate-to ip x.x.189.28
local name dialup1-mx
!
vpdn-group protel-vpdn-group
request-dialin
protocol l2tp
dnis vpdn-dnis-group
initiate-to ip x.x.111.243
local name dialup1-mx
l2tp tunnel password xxxx
!
async-bootp dns-server x.x.136.1 200.52.138.230
mta receive maximum-recipients 0
!
controller E1 0
framing NO-CRC4
clock source line primary
line-termination 75-ohm
ds0-group 0 timeslots 1-15,17-31 type r2-digital r2-compelled
cas-custom 0
country telmex use-defaults
category 2
answer-signal group-b 1
description E1 via Telmex/Servicio Dialup/ Tel. 53 87 20 00
!
controller E1 1
framing NO-CRC4
clock source line secondary 1
line-termination 75-ohm
ds0-group 0 timeslots 1-15,17-31 type r2-digital r2-compelled
cas-custom 0
country telmex use-defaults
category 2
answer-signal group-b 1
description E1 via Telmex/Servicio Dialup/ Tel. 53 87 20 00
!
controller E1 2
framing NO-CRC4
clock source line secondary 2
line-termination 75-ohm
ds0-group 0 timeslots 1-15,17-31 type r2-digital r2-compelled
cas-custom 0
country telmex use-defaults
category 2
answer-signal group-b 1
description E1 via Telmex/Servicio Dialup/ Tel. 53 87 20 00
!
controller E1 3
framing NO-CRC4
clock source line secondary 3
line-termination 75-ohm
ds0-group 0 timeslots 1-15,17-31 type r2-digital r2-compelled
cas-custom 0
country telmex use-defaults
category 2
answer-signal group-b 1
description E1 via Telmex/Servicio Dialup/ Tel. 53 87 20 00
!
controller E1 4
framing NO-CRC4
clock source line secondary 4
line-termination 75-ohm
ds0-group 0 timeslots 1-15,17-31 type r2-digital r2-compelled
cas-custom 0
country telmex use-defaults
category 2
answer-signal group-b 1
description E1 via Telmex/Servicio Dialup/ Tel. 53 87 20 00
!
controller E1 5
framing NO-CRC4
clock source line secondary 5
line-termination 75-ohm
ds0-group 0 timeslots 1-15,17-31 type r2-digital r2-compelled
cas-custom 0
country telmex use-defaults
category 2
answer-signal group-b 1
description Ruta AXE pnetxp1 RP 108 EM 4
!
controller E1 6
shutdown
clock source line secondary 6
!
controller E1 7
framing NO-CRC4
clock source line secondary 7
line-termination 75-ohm
ds0-group 0 timeslots 1-15,17-31 type r2-digital r2-compelled
cas-custom 0
country telmex use-defaults
category 2
answer-signal group-b 1
description Enlace E1 via Apex /Servicio Internet/ Movil 01-800
!
!
!
!
!
interface Loopback0
no ip address
!
interface Ethernet0
no ip address
no ip route-cache
no ip mroute-cache
shutdown
no cdp enable
!
interface FastEthernet0
ip address x.x.x.220 255.255.255.192
no ip route-cache
no ip mroute-cache
duplex auto
speed auto
no cdp enable
!
interface Group-Async1
description Servicio VPDN
ip unnumbered FastEthernet0
encapsulation ppp
async default routing
async mode interactive
no snmp trap link-status
no cdp enable
ppp authentication chap
group-range 1 21
!
interface Group-Async2
ip unnumbered FastEthernet0
encapsulation ppp
async default routing
--More-- async mode interactive
no snmp trap link-status
peer default ip address pool default
no cdp enable
ppp authentication chap
group-range 22 101
!
interface Group-Async3
description Servicio VPDN-Cliente-EWI
ip unnumbered FastEthernet0
encapsulation ppp
async default routing
async mode interactive
no snmp trap link-status
no peer default ip address
no cdp enable
ppp authentication chap
group-range 102 120
!
router ospf 5
log-adjacency-changes
area 51 authentication message-digest
area 51 nssa
redistribute static subnets
network x.x.x.192 0.0.0.63 area 51
!
ip local pool default x.x.x.193 200.52.131.250
ip classless
ip route x.x.x.192 255.255.255.192 Null0
no ip http server
!
ip radius source-interface FastEthernet0
access-list 10 permit x.x.111.206
access-list 10 permit x.x.135.45
access-list 10 permit x.x.135.225
access-list 10 permit 172.16.10.4
access-list 10 permit 172.16.10.5
access-list 10 permit 172.16.10.15
access-list 10 permit 172.16.10.101
--More-- access-list 51 permit 65.125.189.28
access-list 51 deny any
access-list 71 deny any
access-list 72 permit x.x.143.99
access-list 72 deny any
access-list 101 deny 55 any any
access-list 101 deny 77 any any
access-list 101 deny pim any any
access-list 101 permit ip any any
!
Thanks
09-18-2003 07:06 AM
I have some problems and I need your help.
I have an AS5300 with AAA to RADIUS. For this DNIS the users dial 5387-2001, this is a resource to connect to internet, and I have other resource where users dial 5387-2020. This last number also has to connect to internet.
My question is how do I configure the AS5300 so that only those users who dial 5387-2020 do not need authentication?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide