07-28-2004 02:35 AM - edited 03-02-2019 05:21 PM
Hi All,
I was wondering if you might be able to help me out with a problem I'm having. We have set up a new AS5300 with primary rate and mica modems. ISDN clients dial in using ppp authentication while analogue clients dial in with no authentication. This works fine until we add tacacs config to the AS5300. When added, the ISDN clients dial and authenticate successfully through Cisco ACS and work well. However, the analogue clients fail to connect. They seem to fail on authentication even though I don't think it's enabled for the async interfaces. What I need is tacacs authentication for the ISDN clients (connecting to Dialler Interface) and no authentication for the analogue clients. Maybe you have come across this before? Config attached. Any help greatly appreciated.
07-28-2004 05:21 AM
Hello,
I think the 'default' list is applied automatically to all interfaces, unless another list is specified. In your case, the async dialins would be required to authenticate through TACACS+. I would either change the 'default' list to:
aaa authentication login default none
and apply another list to the ISDN clients:
aaa authentication login ISDN group tacacs+
Then apply this list to your Dialer 1 interface:
ppp authentication chap ISDN
Can you try this and see if it works?
Regards,
GP
07-30-2004 01:57 AM
Thanks GP,
We were finally able to test your suggestions today and it worked perfectly. Many thanks for your prompt and excellent diagnosis.
Regards,
Mark.
07-28-2004 05:42 AM
There are a couple of things I would like clarified:
- do I understand correctly that this configuration worked at one time and users were able to do analogue dial and connect properly and then you added tacacs and the analogue dial stopped working?
- I am not clear what the analogue dial users are doing and where the autocommand connect command is sending them.
I am not sure about it but my immediate suggestion is to try adding this to your config: aaa authentication login default none
HTH
Rick
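The replies above turn on the 'default' login list applying to every line that names no other list. As an added example (not from any poster in this thread; the sample config is constructed and the list name ADMIN is an assumption), this script resolves the effective login list for each `line` stanza and reports the stanzas left with `none`, which after `aaa authentication login default none` includes any console or vty line without its own list:

```python
import re

# Constructed sample config (not the poster's attached config); ADMIN is a hypothetical list name.
SAMPLE = """\
aaa new-model
aaa authentication login default none
aaa authentication login ADMIN group tacacs+ local
!
line con 0
line 1 48
 modem InOut
line vty 0 4
 login authentication ADMIN
line vty 5 15
"""

def login_lists(config):
    """Map each 'aaa authentication login <name>' list to its methods."""
    lists = {}
    for line in config.splitlines():
        m = re.match(r"\s*aaa authentication login (\S+)\s+(.+)", line)
        if m:
            lists[m.group(1)] = m.group(2).split()
    return lists

def effective_login(config):
    """Return {line stanza: (list name, methods)} for every 'line' stanza.
    A stanza without 'login authentication <name>' inherits 'default'."""
    lists = login_lists(config)
    result, current = {}, None
    for raw in config.splitlines():
        if re.match(r"line \S", raw):
            current = raw.strip()
            result[current] = "default"
        elif current and raw.startswith(" "):
            m = re.match(r"\s+login authentication (\S+)", raw)
            if m:
                result[current] = m.group(1)
        else:
            current = None  # left the line stanza
    return {k: (name, lists.get(name)) for k, name in result.items()}

def unauthenticated(config):
    """Line stanzas whose effective login list is exactly 'none'."""
    return sorted(k for k, (_, methods) in effective_login(config).items()
                  if methods == ["none"])

if __name__ == "__main__":
    for stanza, (name, methods) in effective_login(SAMPLE).items():
        print(f"{stanza:14} list={name:8} methods={methods}")
    print("no login authentication:", unauthenticated(SAMPLE))
```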