cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
903
Views
0
Helpful
16
Replies

Can't dialin with 2511

chairuou
Level 1
Level 1

Hi all

Please let me know what's wrong with this config. I used this one and sucessded one time but when I tried this on another 2511 , I can't dialin.

------------------------

!

version 12.0

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname As2511

!

aaa new-model

aaa authentication login DIAL radius

aaa authentication ppp DIAL radius

enable secret 5 <deleted>

!

ip subnet-zero

ip domain-name mydomain.com

ip name-server 192.168.100.1

!

ip dhcp-server 192.168.100.1

!

!

!

interface Ethernet0

ip address 192.168.100.254 255.255.255.0

no ip directed-broadcast

!

interface Serial0

no ip address

no ip directed-broadcast

shutdown

!

interface Group-Async1

ip unnumbered Ethernet0

ip helper-address 192.168.100.1

no ip directed-broadcast

encapsulation ppp

ip tcp header-compression passive

async mode interactive

peer default ip address dhcp

ppp authentication pap DIAL

group-range 1 16

!

no ip http server

ip classless

!

dialer-list 1 protocol ip permit

radius-server host 192.168.100.1 auth-port 1645 acct-port 1646

radius-server retransmit 5

radius-server timeout 10

radius-server key xxxxxxxxx

!

line con 0

transport input none

line 1 16

autoselect during-login

autoselect ppp

login authentication DIAL

modem InOut

transport input all

speed 57600

flowcontrol hardware

line aux 0

line vty 0 4

password xxxxx

!

end

16 Replies 16

lgijssel
Level 9
Level 9

When the config has been used before, it is not likely that the error is in the config. Is the second router correctly configured on the radius server?

What happens when you dial in? Are there any error messages on the radius server? Is it possible to post a debug ppp neg or something like that?

Hope this helps,

Leo

makchitale
Level 6
Level 6

Need to see where the call fails, during trainup or what stage of PPP negotation. The below debugs will be useful when the call is made:

debug modem / deb ppp nego / deb aaa authent / deb aaa author

Thanks, Mak.

hi,

This is configuration I restart from scratch :

------

!

version 12.0

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname Router

!

aaa new-model

aaa authentication login DIAL local

aaa authentication ppp DIAL local

!

username testusr password 0 abc

ip subnet-zero

ip address-pool local

!

!

!

interface Ethernet0

description Connect to LAN

ip address 192.168.100.254 255.255.255.0

no ip directed-broadcast

!

interface Serial0

no ip address

no ip directed-broadcast

shutdown

!

interface Serial1

no ip address

no ip directed-broadcast

shutdown

!

interface Group-Async1

ip unnumbered Ethernet0

no ip directed-broadcast

encapsulation ppp

async mode interactive

peer default ip address pool Setup_Pool

ppp authentication pap DIAL

group-range 1 16

!

ip local pool Setup_Pool 192.168.100.120 192.168.100.135

ip classless

!

logging 192.168.100.1

!

line con 0

transport input none

line 1 16

login authentication DIAL

modem InOut

transport input all

stopbits 1

speed 57600

flowcontrol hardware

line aux 0

line vty 0 4

password letmein

!

end

---------

After debug aaa authen , i see it can't found user, don't know why

I used issued user/pass ( testusr/abc ) to login via telnet it successded but can't dialin with this account.

Debug msg show it found authentication list DIAL and authentication method Local but can't found user ( User not found and after GETPASS command it say STATE=FAIL )

Especially, when I telnet, I can see user name in debug message but when Dialin, I can't see user name, it appeared as some special characters. What's wrong with this ?

TIA

I think it's better if you could post the complete debug.

First, enable "service timestamps debug date msec" from global config mode.

Then issue "debug ppp negotiation" and "debug ppp authentication".

Here's the Log

--------------------------------

Router#sh logg

Log Buffer (4096 bytes):

*Mar 1 03:05:35.939: AAA: parse name=tty5 idb type=10 tty=5

*Mar 1 03:05:35.939: AAA: name=tty5 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=5 channel=0

*Mar 1 03:05:35.943: AAA/AUTHEN: create_user (0x277D10) user='' ruser='' port='tty5' rem_addr='async' authen_type=ASCII service=LOGIN priv=1

*Mar 1 03:05:35.947: AAA/AUTHEN/START (624521261): port='tty5' list='DIAL' action=LOGIN service=LOGIN

*Mar 1 03:05:35.947: AAA/AUTHEN/START (624521261): found list DIAL

*Mar 1 03:05:35.951: AAA/AUTHEN/START (624521261): Method=LOCAL

*Mar 1 03:05:35.951: AAA/AUTHEN (624521261): status = GETUSER

*Mar 1 03:05:37.151: AAA/AUTHEN/CONT (624521261): continue_login (user='(undef)')

*Mar 1 03:05:37.151: AAA/AUTHEN (624521261): status = GETUSER

*Mar 1 03:05:37.155: AAA/AUTHEN/CONT (624521261): Method=LOCAL

*Mar 1 03:05:37.155: AAA/AUTHEN (624521261): status = GETPASS

*Mar 1 03:05:51.015: AAA/AUTHEN/CONT (624521261): continue_login (user='`')

*Mar 1 03:05:51.019: AAA/AUTHEN (624521261): status = GETPASS

*Mar 1 03:05:51.023: AAA/AUTHEN/CONT (624521261): Method=LOCAL

*Mar 1 03:05:51.023: AAA/AUTHEN (624521261): User not found

*Mar 1 03:05:51.027: AAA/AUTHEN (624521261): status = FAIL

*Mar 1 03:05:53.031: AAA/AUTHEN: free_user (0x277D10) user='`' ruser='' port='tty5' rem_addr='async' authen_type=ASCII service=LOGIN priv=1

*Mar 1 03:05:53.035: AAA: parse name=tty5 idb type=10 tty=5

*Mar 1 03:05:53.035: AAA: name=tty5 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=5 channel=0

*Mar 1 03:05:53.039: AAA/AUTHEN: create_user (0x277D10) user='' ruser='' port='tty5' rem_addr='async' authen_type=ASCII service=LOGIN priv=1

*Mar 1 03:05:53.043: AAA/AUTHEN/START (3103399682): port='tty5' list='DIAL' action=LOGIN service=LOGIN

*Mar 1 03:05:53.047: AAA/AUTHEN/START (3103399682): found list DIAL

*Mar 1 03:05:53.047: AAA/AUTHEN/START (3103399682): Method=LOCAL

*Mar 1 03:05:53.051: AAA/AUTHEN (3103399682): status = GETUSER

*Mar 1 03:05:58.087: AAA/AUTHEN/CONT (3103399682): continue_login (user='(undef)')

*Mar 1 03:05:58.091: AAA/AUTHEN (3103399682): status = GETUSER

*Mar 1 03:05:58.091: AAA/AUTHEN/CONT (3103399682): Method=LOCAL

*Mar 1 03:05:58.095: AAA/AUTHEN (3103399682): status = GETPASS

*Mar 1 03:05:58.299: AAA/AUTHEN/CONT (3103399682): continue_login (user='`')

*Mar 1 03:05:58.299: AAA/AUTHEN (3103399682): status = GETPASS

*Mar 1 03:05:58.303: AAA/AUTHEN/CONT (3103399682): Method=LOCAL

*Mar 1 03:05:58.303: AAA/AUTHEN (3103399682): User not found

*Mar 1 03:05:58.307: AAA/AUTHEN (3103399682): status = FAIL

*Mar 1 03:06:00.307: AAA/AUTHEN: free_user (0x277D10) user='`' ruser='' port='tty5' rem_addr='async' authen_type=ASCII service=LOGIN priv=1

*Mar 1 03:06:00.311: AAA: parse name=tty5 idb type=10 tty=5

*Mar 1 03:06:00.311: AAA: name=tty5 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=5 channel=0

*Mar 1 03:06:00.315: AAA/AUTHEN: create_user (0x277D10) user='' ruser='' port='tty5' rem_addr='async' authen_type=ASCII service=LOGIN priv=1

*Mar 1 03:06:00.319: AAA/AUTHEN/START (3259348451): port='tty5' list='DIAL' action=LOGIN service=LOGIN

*Mar 1 03:06:00.323: AAA/AUTHEN/START (3259348451): found list DIAL

*Mar 1 03:06:00.327: AAA/AUTHEN/START (3259348451): Method=LOCAL

*Mar 1 03:06:00.327: AAA/AUTHEN (3259348451): status = GETUSER

*Mar 1 03:06:04.155: AAA/AUTHEN/CONT (3259348451): continue_login (user='(undef)')

*Mar 1 03:06:04.159: AAA/AUTHEN (3259348451): status = GETUSER

*Mar 1 03:06:04.159: AAA/AUTHEN/CONT (3259348451): Method=LOCAL

*Mar 1 03:06:04.163: AAA/AUTHEN (3259348451): status = GETPASS

*Mar 1 03:06:04.259: AAA/AUTHEN/CONT (3259348451): continue_login (user='`')

*Mar 1 03:06:04.263: AAA/AUTHEN (3259348451): status = GETPASS

*Mar 1 03:06:04.267: AAA/AUTHEN/CONT (3259348451): Method=LOCAL

*Mar 1 03:06:04.267: AAA/AUTHEN (3259348451): User not found

*Mar 1 03:06:04.271: AAA/AUTHEN (3259348451): status = FAIL

*Mar 1 03:06:06.275: AAA/AUTHEN: free_user (0x277D10) user='`' ruser='' port='tty5' rem_addr='async' authen_type=ASCII service=LOGIN priv=1

Router#

---------------

TIA

It seems that the username used to connect to this router is NULL.

Could you verify that the dialing client is using the correct username.

The username should be seen in the debug.

Below is an example of a debug where the username can be found:

1w2d: AAA: parse name=tty38 idb type=-1 tty=-1

1w2d: AAA: name=tty38 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=38 channel =0

1w2d: AAA/AUTHEN: create_user (0x61297B5C) user='' ruser='' port='tty38' rem_addr='10.22.2.1/' authen_type=ASCII service=LOGIN priv=1

1w2d: AAA/AUTHEN/START (1572192080): port='tty38' list='' action=LOGIN service=LOGIN

1w2d: AAA/AUTHEN/START (1572192080): using "default" list

1w2d: AAA/AUTHEN/START (1572192080): Method=LOCAL

1w2d: AAA/AUTHEN (1572192080): status = GETUSER

1w2d: AAA/AUTHEN/CONT (1572192080): continue_login (user='(undef)')

1w2d: AAA/AUTHEN (1572192080): status = GETUSER

1w2d: AAA/AUTHEN/CONT (1572192080): Method=LOCAL

1w2d: AAA/AUTHEN (1572192080): status = GETPASS

1w2d: AAA/AUTHEN/CONT (1572192080): continue_login (user='user6')

1w2d: AAA/AUTHEN (1572192080): status = GETPASS

1w2d: AAA/AUTHEN/CONT (1572192080): Method=LOCAL

1w2d: AAA/AUTHEN (1572192080): password incorrect

1w2d: AAA/AUTHEN (1572192080): status = ERROR

1w2d: AAA/AUTHEN/START (2502004780): port='tty38' list='' action=LOGIN service=LOGIN

1w2d: AAA/AUTHEN/START (2502004780): Restart

1w2d: AAA/AUTHEN/START (2502004780): Method=RADIUS

1w2d: AAA/AUTHEN (2502004780): status = GETPASS

1w2d: AAA/AUTHEN/CONT (2502004780): continue_login (user='user6')

1w2d: AAA/AUTHEN (2502004780): status = GETPASS

1w2d: AAA/AUTHEN (2502004780): Method=RADIUS

HTH.

I see this but don't know why, dialin client I used are : win98 with clear text password. another client is windows2k but the problem same. I am make sure setting on client are used PAP as authentication method

Another thing, when I login to router via telnet, I can see my username clearly but can't see this when dialin, anyone know this ?

Thanhks for your quick reply !!!

Just for isolation, could you try creating a new username and password

in the router, then use this for your dialup testing. Thanks.

I did it many time

OK, I see. Try using authentication without AAA and see what happens.

config t

no aaa new-model

int g1

ppp authentication pap default

line 1 16

login authentication default

Thanks.

It still not work

and your command : ppp authen pap default is wrong

just ppp authen pap & login local

What is diffrential between Cisco 2511 and Cisco AS-2511-RJ ? I checkout description section for both but found nothing.

Cisco 2511 has 16 ports via octal fan-out cables (requires a CAB-OCTAL-ASYNC

or a CAB-OCTAL-MODEM) while a Cisco AS2511-RJ has 16 RJ-45 ports.

Here's the link:

http://www.cisco.com/en/US/products/hw/routers/ps233/products_data_sheet09186a008009204c.html

You should probably start troubleshooting from Layer 2, then to Layer 3.

Try removing authentication. If it's still not working, then you may have

PPP problems. The following link provides an example using a Cisco 2511

and information on verification and troubleshooting:

http://www.cisco.com/en/US/tech/tk713/tk507/technologies_configuration_example09186a0080093c31.shtml

Goodluck.

Thanks

I've used http://www.cisco.com/en/US/tech/tk713/tk507/technologies_configuration_example09186a0080093c31.shtml to try as my config but it get same error.

When I config AS-2511-RJ I also used it as started point to get it work but now it can't work, don't know why, maybe hardware or IOS version is the problem ?

makchitale
Level 6
Level 6

I really do not think it's a router misconfiguration....we see repeated failure at the authentication stage when using AAA server OR even local authentication.

1) Are you trying all you dialup tests from the same PC? Can you try another PC & start from scratch the dialup networking setup on the client.

2)Try without authentication enabled (just for testing sake)..it appears that some how the user credentials that are being sent to the router are getting corrupted or not being sent at all.

Thanks, Mak.

Review Cisco Networking for a $25 gift card