cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2043
Views
0
Helpful
1
Replies

VPDN authentication on a 3640

eddie.lindsay
Level 1
Level 1

I have a 3640 running IOS 12.2(2)T1 Enterprise plus. It is doing PPPoE VPDN using radius authentication.

The problem I have is that I see the PPP chap authentication request come in to the 3640 but I don't see any radius request being sent out of the 3640 toward the radius server. In a debug aaa authentication output the radius method simply reports back a fail.

I have tried this on 12.2(2)T1, 12.2(4)T1 and 12.2(7) with no joy.

The configuration I have is running perfectly well on a 7206VXR (using 12.2(2)T1 Enterprise plus code).

Has anyone run in to problems before on this or does anyone know of an outstanding bug related to radius on a 3640.

Many thanks

1 Reply 1

tepatel
Cisco Employee
Cisco Employee

When the user dials in using the chap, access server will challange the user and user will send the response. Now access server will fire the resuest to radius server to validate that response for that user. If the access server is not sending the resuest to validate the response then we need to turn on debug to track it. Now RADIUS protocol will not support the two-way chap.

So to debug this issue more we need

debug ppp authentication

debug ppp negotiation

debug aaa authentication

debug radius

Also see the debug on the following link, well explained for PAP and CHAP authentication.

http://www.cisco.com/warp/public/480/radius_pppdebug.html

Thx..Tejal