Getting SENDAUTH password from RADIUS

ovt · ‎05-05-2004

Hi!

Does anybody know an easy way to get SENDAUTH password from RADIUS?

Suppose we have ISDN line with hub router that can call several remote routers. I don't want to configure the hub with lots of "username Remote-X password Y", but still want to use different CHAP password for each remote peer. Unfortunately the following simple config doesn't work:

! hostname R2 - hub

aaa new-model

aaa authentication ppp ISDN group radius

aaa authorization network ISDN group radius

int dialer 1

ppp authentication chap ISDN

ppp authorization ISDN

dialer map ip ... name R4 broadcast ...

When R2 receives CHAP challenge from R4 I see:

AAA/AUTHEN/START (2566237755): port='BRI0/0:1' list='ISDN' action=SENDAUTH service=PPP

AAA/AUTHEN/START (2566237755): found list ISDN

AAA/AUTHEN/START (2566237755): Method=radius (radius)

AAA/AUTHEN/SENDAUTH (2566237755): Failed sendauthen for R4

AAA/AUTHEN (2566237755): status = FAIL

AAA/AUTHEN/START (2566237755): no methods left to try

AAA/AUTHEN (2566237755): status = ERROR

AAA/AUTHEN/START (2566237755): failed to authenticate

BR0/0:1 CHAP: Username R4: lookup failure

R2 doesn't even go to the RADIUS server to get SENDAUTH password for outbound CHAP authentication.

Is there an easy way to configure this? ("Large-scale dialout" IOS feature looks overcomplicated for this simple task.)

benhur.p · ‎05-17-2004

Hi,

Any update on this ?

ovt · ‎05-17-2004

Still no replay from comp.dcom.sys.cisco, www.securityie.com, forums.cisco.com.

It seems it is not possible at all.