07-16-2002 12:37 AM - edited 03-01-2019 11:55 PM
I have a problem with using callback and normal dialup. I have a 2611 router with the config below. I am using TACACS+ for authentication with ACS, Windows version. I have 250 users, of which I want to give the callback facility to 50 users and the rest normal dialup.
When I use "aaa authorization network default group tacacs+ local" with the config below, the users with callback are getting callback and access to the office network, but the normal users are not getting normal dialup.
I am waiting for your reply and suggestions.
router01#sh run
Building configuration...
Current configuration:
!
version 12.0
service exec-callback
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname router01
!
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login no_tacacs enable
aaa authentication ppp default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
enable secret 5 $1$9.Tm$M/E5GMrqHze7AmqeOObux0
enable password 7 104D000A0618
!
username abc password 7 04480A04
username admin privilege 15 password 7 04481C030A351D1F5A
!
!
!
!
ip subnet-zero
ip domain-name domain
ip name-server 10.6.1.1
ip name-server 10.6.1.25
!
chat-script offhook "" "ATH1" OK
chat-script callback ABORT ERROR ABORT BUSY "" "ATZ" OK "ATDT \T" TIMEOUT 30 CONNECT \C
!
!
!
interface FastEthernet0/0
 ip address 10.6.1.205 255.0.0.0
 no ip directed-broadcast
 duplex auto
 speed auto
!
interface Serial0/0
 no ip address
 no ip directed-broadcast
 no ip mroute-cache
 shutdown
 no fair-queue
!
interface Serial0/1
 no ip address
 no ip directed-broadcast
 shutdown
!
interface Group-Async1
 ip unnumbered FastEthernet0/0
 no ip directed-broadcast
 encapsulation ppp
 no ip mroute-cache
 carrier-delay msec 0
 async mode interactive
 peer default ip address pool default
 compress stac
 ppp callback permit
 ppp authentication pap chap
 group-range 33 48
!
ip local pool default 10.6.6.158 10.6.6.173
ip classless
ip route 0.0.0.0 0.0.0.0 10.6.1.20
no ip http server
!
tacacs-server host 10.6.6.9
tacacs-server key tackey
!
line con 0
 login authentication no_tacacs
 transport input none
line 33 48
 autoselect during-login
 autoselect ppp
 script callback callback
 modem InOut
 modem autoconfigure discovery
 transport input all
 stopbits 1
 flowcontrol hardware
line aux 0
line vty 0 4
 password 7 13061E010803
!
end
07-16-2002 08:16 AM
The best way is to leave that "aaa authorization..." in the config and debug the normal dialup call to find out why it's not working. The debugs to turn on for a normal call (without callback):
debug ppp nego
debug chat
debug callback
debug ppp cbcp
debug aaa per
debug aaa authorization
Here is the sample config for that too.
http://www.cisco.com/warp/public/471/ppp-callback-aaa.html
Another way to configure is "ppp callback accept" under the interface group-async 1, and if you don't want callback for some users, please disable callback at the client side if possible.
Or you can also manage everything (callback and no callback) through per-user config from TACACS.
07-16-2002 08:25 AM
Based on username, configure callback for a set of users & normal dial-in for the rest on the TACACS server.
http://www.cisco.com/warp/public/480/pppcallback_tac.html
Thanks, Mak.
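The per-user split the replies above describe, as an added sketch that is not part of the original thread or of the linked Cisco documents. It assumes the freeware tac_plus daemon's configuration syntax rather than the ACS for Windows interface used in the question; the usernames, dial string and secrets are constructed placeholders. The tacacs-server key is the one shown in the posted router config.

```text
# tac_plus.conf fragment (constructed example)
key = tackey

# Callback user: the LCP authorization reply carries the number
# the access server should dial back.
user = cbuser01 {
    pap  = cleartext "PLACEHOLDER-SECRET"
    chap = cleartext "PLACEHOLDER-SECRET"
    service = ppp protocol = lcp {
        callback-dialstring = 5550100
    }
    service = ppp protocol = ip {
    }
}

# Normal dial-in user: LCP and IP are authorized with no callback
# attribute, so no callback is set up for this user. With
# "aaa authorization network" enabled on the router, a user with
# no matching service entries is refused by the daemon unless a
# default is permitted.
user = dialuser01 {
    pap  = cleartext "PLACEHOLDER-SECRET"
    chap = cleartext "PLACEHOLDER-SECRET"
    service = ppp protocol = lcp {
    }
    service = ppp protocol = ip {
    }
}
```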
07-16-2002 08:38 PM
If I remove this "aaa authorization network default group tacacs+ local" from the running config, all the normal dialup users can connect easily, but the callback users are not getting callback. But when I use it, callback users are getting callback but normal dialup users are not getting connected. I also used ppp callback accept with this, but the result is the same.
When I check the debug there is something with compression (CCP), and if I use a static IP address for a normal user it connects.