cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
693
Views
0
Helpful
7
Replies

Changes in MS Callback feature from 12.2(7) to 12.2(8)T4?

joschniepp
Level 1
Level 1

Hi all,

after upgrading from 12.2(7) to 12.2(8)T4 (pppoe client needed) MS callback to Win98 clients doesn't work any more. I didn't try it with Win2000 but I estimate that this won't work too.

All I did was upgrading the router, reloading, configuring pppoe client - no changes where made in the RAS config. Is/was this a bug or feature. Is callback with MS dialup network supported? So many

questions.

I want to dial in with user - let's say xx5 according to the config - and I want to callback this user.

With my old IOS version I just needed to add a callback number like username xx3 callback-dialstring 999 password asd and it worked!

So what's wrong?

TIA,

Joe

If you want to have look at the config - here it is:

!

! Last configuration change at 08:59:54 CET Wed Mar 27 2002 by asd

! NVRAM config last updated at 09:22:08 CET Wed Mar 27 2002 by asd

!

version 12.2

service exec-callback

service timestamps debug datetime localtime

service timestamps log datetime localtime

service password-encryption

service exec-wait

!

hostname asterix

!

logging buffered 4096 debugging

enable secret xxx

!

username xx1 password asd

username xx2 password asd

username xx3 callback-dialstring 999 password asd

username xx4 password asd

username xx5 callback-dialstring 999 password asd

username xx6 password asd

username xx7 password asd

username xx8 password asd

username xx9 callback-dialstring 999 password asd

username xx10 callback-dialstring 999 password asd

username xx11 nocallback-verify callback-dialstring "" password asd

username xx12 password asd

clock timezone CET 1

clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00

ip subnet-zero

no ip source-route

!

!

ip host idefix 192.168.1.3

ip host majestix 192.168.1.12

ip host obelix 192.168.1.2

ip host asterix 192.168.1.1

ip host miraculix 192.168.1.13

ip host methusalix 192.168.1.11

ip name-server 192.168.1.13

!

no ip bootp server

vpdn enable

!

vpdn-group 1

request-dialin

protocol pppoe

!

isdn switch-type basic-1tr6

isdn voice-call-failure 0

isdn tei-negotiation first-call

chat-script offhook "" "ATZ" OK

chat-script callback ABORT ERROR ABORT BUSY "" "ATZ" OK "ATX3DT0 \T"

TIMEOUT 60 CONNECT \c

!

!

!

!

!

!

!

fax interface-type fax-mail

mta receive maximum-recipients 0

!

!

!

!

interface Ethernet0/0

ip address 192.168.1.1 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

no ip route-cache

no ip mroute-cache

full-duplex

no cdp enable

!

interface Ethernet0/1

description T-DSL Anschluss

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

no ip mroute-cache

shutdown

half-duplex

pppoe enable

pppoe-client dial-pool-number 21

no cdp enable

!

interface BRI1/0

no ip address

encapsulation ppp

no ip route-cache

no ip mroute-cache

load-interval 30

dialer pool-member 1 max-link 2

isdn switch-type basic-1tr6

priority-group 10

compress mppc

no cdp enable

ppp multilink

!

interface BRI1/1

no ip address

ip nat inside

encapsulation ppp

ip tcp header-compression

no ip mroute-cache

no keepalive

dialer rotary-group 11

dialer-group 1

isdn switch-type basic-1tr6

isdn fast-rollover-delay 1

compress mppc

no cdp enable

ppp authentication pap

!

interface BRI1/2

no ip address

no ip mroute-cache

shutdown

isdn switch-type basic-1tr6

no cdp enable

!

interface BRI1/3

no ip address

no ip mroute-cache

shutdown

isdn switch-type basic-1tr6

no cdp enable

!

interface Async65

bandwidth 38

ip address 192.168.22.1 255.255.255.0

ip nat inside

encapsulation ppp

ip tcp header-compression passive

no ip mroute-cache

async dynamic address

async mode interactive

peer default ip address 192.168.22.11

compress mppc

!

interface Dialer1

description Internet ueber MuchmoreTelecom Flatrate

ip address negotiated

ip access-group 100 in

no ip unreachables

ip nat outside

encapsulation ppp

no ip route-cache

ip tcp header-compression

no ip mroute-cache

load-interval 30

dialer pool 1

dialer remote-name arcor

dialer idle-timeout 600

dialer enable-timeout 2

dialer string 1234

dialer hold-queue 10

dialer load-threshold 1 either

dialer-group 2

priority-group 10

compress mppc

no cdp enable

ppp authentication pap callin

ppp chap refuse

ppp pap sent-username anything password nothing

ppp multilink

!

interface Dialer2

description Internet ueber Arcor (Backup)

ip address negotiated

ip access-group 100 in

no ip unreachables

ip nat outside

encapsulation ppp

no ip route-cache

ip tcp header-compression

no ip mroute-cache

load-interval 30

shutdown

dialer pool 1

dialer remote-name Arcor

dialer idle-timeout 600

dialer enable-timeout 2

dialer string 00192072

dialer hold-queue 10

dialer load-threshold 20 either

dialer-group 2

priority-group 10

no cdp enable

ppp authentication pap callin

ppp chap refuse

ppp pap sent-username anything password nothing

ppp multilink

!

interface Dialer11

description RAS

ip address 192.168.21.1 255.255.255.0

ip nat inside

encapsulation ppp

no ip route-cache

ip tcp header-compression

no ip mroute-cache

load-interval 30

dialer in-band

dialer idle-timeout 1800

dialer fast-idle 1

dialer enable-timeout 2

dialer-group 1

peer default ip address pool baisch_ras

compress mppc

no cdp enable

ppp callback accept

ppp authentication chap callin

ppp multilink

!

interface Dialer21

ip address negotiated

ip mtu 1492

ip nat outside

encapsulation ppp

no ip route-cache

no ip mroute-cache

dialer pool 21

dialer-group 101

no cdp enable

ppp authentication pap callin

ppp pap sent-username anything password nothing

!

ip local pool baisch_ras 192.168.21.11 192.168.21.50

ip nat inside source list 101 interface Dialer1 overload

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer1

no ip http server

ip pim bidir-enable

!

!

!

map-class dialer callback

dialer callback-server username

!

logging 192.168.1.12

access-list 99 permit 192.168.0.0 0.0.255.255

access-list 100 permit ...

access-list 101 permit ...

priority-list 10 protocol ip low tcp ftp

priority-list 10 protocol ip low tcp ftp-data

priority-list 10 protocol ip low tcp pop3

priority-list 10 protocol ip low tcp smtp

priority-list 10 protocol ip high tcp www

priority-list 10 protocol ip high tcp 443

dialer-list 1 protocol ip permit

dialer-list 2 protocol ip list 101

no cdp run

!

call rsvp-sync

!

!

mgcp profile default

!

dial-peer cor custom

!

!

!

banner motd

This is a private system operated for and by

xxx.

Authorization from xxx management is required to use

this system.

Use by unauthorized persons is prohibited.

!

line con 0

exec-timeout 2 0

login local

line aux 0

session-timeout 11

location Async Dial-In

exec-timeout 11 10

script startup offhook

script reset offhook

script modem-off-hook offhook

script callback callback

no vacant-message

login local

modem InOut

transport preferred telnet

transport input all

callback forced-wait 20

stopbits 1

speed 38400

flowcontrol hardware

line vty 0 4

access-class 99 in

exec-timeout 5 0

password 7 0458

login local

!

ntp clock-period 17208918

ntp server 192.53.103.104

ntp server 129.69.1.153

ntp server 130.149.17.8

ntp server 131.188.3.220

!

end

7 Replies 7

jduffek
Level 1
Level 1

At first I thought the pppoe stuff might be messing up the callback, with the dialers and all, but you are doing exec-callback so that shouldn't cause any problems.

I did a bug search on cco and found this:

CSCdw63293 - callback is calling garbage

First Found-in Version: 12.2(7.6)T

Release Notes

callback is calling garbage

example :

Event: Call to ^->o`lB at 64 Kb/s

\____> Garbage.

the switch will return :

Invalid number format

this bug as dup'd to:

CSCdu50702 - PPP authorization fails for callback when LCP renegotiates

Fixed-in:

12.2(4.1) 12.2(4.1)S 12.2(4.1)PI 12.2(5.2)T

12.2(4.02a)DA 12.2(6.4)PB 12.2(6.4)B 12.2(8.5)T

12.2(8.5)PI04

Release Notes:

On a callback call, if LCP completes negotiation (LCP Open) and

prior to IPCP (or any NCP) completeling negotiation LCP negotiation

restarts, this may cause the callback call to fail due to AAA

authorization problems.

Workaround is to enable authentication for callin and callout on

the NAS.

In one case, the workaround was to use

"ppp authentication pap chap callin callback", as the default would fail.

I'm not sure these are related, can you run some debugs to confirm?

Josh

Josh,

thanks for your reply.

I don't think that this bug is my problem. The router doesn't call back at all.

I made some debug:

Apr 1 09:51:36: %LINK-3-UPDOWN: Interface BRI1/1:1, changed state to up

Apr 1 09:51:36: BR1/1:1 PPP: Authorization NOT required

Apr 1 09:51:36: BR1/1:1 PPP: Treating connection as a callin

Apr 1 09:51:36: BR1/1:1 PPP: Phase is ESTABLISHING, Passive Open

Apr 1 09:51:36: BR1/1:1 LCP: State is Listen

Apr 1 09:51:38: BR1/1:1 LCP: I CONFREQ [Listen] id 0 len 50

Apr 1 09:51:38: BR1/1:1 LCP: ACCM 0x00000000 (0x020600000000)

Apr 1 09:51:38: BR1/1:1 LCP: MagicNumber 0x1D646287 (0x05061D646287)

Apr 1 09:51:38: BR1/1:1 LCP: PFC (0x0702)

Apr 1 09:51:38: BR1/1:1 LCP: ACFC (0x0802)

Apr 1 09:51:38: BR1/1:1 LCP: Callback 6 (0x0D0306)

Apr 1 09:51:38: BR1/1:1 LCP: MRRU 1614 (0x1104064E)

Apr 1 09:51:38: BR1/1:1 LCP: EndpointDisc 1 Local

Apr 1 09:51:38: BR1/1:1 LCP: (0x13170179989DB9E9284DE0AEB573B7BB)

Apr 1 09:51:38: BR1/1:1 LCP: (0xFE52ED00000000)

Apr 1 09:51:38: BR1/1:1 LCP: O CONFREQ [Listen] id 6 len 28

Apr 1 09:51:38: BR1/1:1 LCP: AuthProto PAP (0x0304C023)

Apr 1 09:51:38: BR1/1:1 LCP: MagicNumber 0x1F81B661 (0x05061F81B661)

Apr 1 09:51:38: BR1/1:1 LCP: MRRU 1524 (0x110405F4)

Apr 1 09:51:38: BR1/1:1 LCP: EndpointDisc 1 asterix (0x130A0161737465726978)

Apr 1 09:51:38: BR1/1:1 LCP: O CONFACK [Listen] id 0 len 50

Apr 1 09:51:38: BR1/1:1 LCP: ACCM 0x00000000 (0x020600000000)

Apr 1 09:51:38: BR1/1:1 LCP: MagicNumber 0x1D646287 (0x05061D646287)

Apr 1 09:51:38: BR1/1:1 LCP: PFC (0x0702)

Apr 1 09:51:38: BR1/1:1 LCP: ACFC (0x0802)

Apr 1 09:51:38: BR1/1:1 LCP: Callback 6 (0x0D0306)

Apr 1 09:51:38: BR1/1:1 LCP: MRRU 1614 (0x1104064E)

Apr 1 09:51:38: BR1/1:1 LCP: EndpointDisc 1 Local

Apr 1 09:51:38: BR1/1:1 LCP: (0x13170179989DB9E9284DE0AEB573B7BB)

Apr 1 09:51:38: BR1/1:1 LCP: (0xFE52ED00000000)

Apr 1 09:51:38: BR1/1:1 LCP: I CONFACK [ACKsent] id 6 len 28

Apr 1 09:51:38: BR1/1:1 LCP: AuthProto PAP (0x0304C023)

Apr 1 09:51:38: BR1/1:1 LCP: MagicNumber 0x1F81B661 (0x05061F81B661)

Apr 1 09:51:38: BR1/1:1 LCP: MRRU 1524 (0x110405F4)

Apr 1 09:51:38: BR1/1:1 LCP: EndpointDisc 1 asterix (0x130A0161737465726978)

Apr 1 09:51:38: BR1/1:1 LCP: State is Open

Apr 1 09:51:38: BR1/1:1 MCB: Initialize

Apr 1 09:51:38: BR1/1:1 MCB: Flush

Apr 1 09:51:38: BR1/1:1 PPP: Phase is AUTHENTICATING, by this end

Apr 1 09:51:38: BR1/1:1 LCP: I IDENTIFY [Open] id 1 len 18 magic 0x1D646287 MSR

ASV5.00

Apr 1 09:51:38: BR1/1:1 PAP: I AUTH-REQ id 5 len 19 from "schniepp"

Apr 1 09:51:38: BR1/1:1 PAP: Authenticating peer schniepp

Apr 1 09:51:38: BR1/1:1 PPP: Phase is FORWARDING, Attempting Forward

Apr 1 09:51:38: BR1/1:1 PPP: Phase is AUTHENTICATING, Unauthenticated User

Apr 1 09:51:38: BR1/1:1 PPP: Sent PAP LOGIN Request to AAA

Apr 1 09:51:38: BR1/1:1 PPP: Received LOGIN Response from AAA = PASS

Apr 1 09:51:38: BR1/1:1 PPP: Phase is FORWARDING, Attempting Forward

Apr 1 09:51:38: BR1/1:1 PPP: Phase is AUTHENTICATING, Authenticated User

Apr 1 09:51:38: BR1/1:1 PAP: O AUTH-ACK id 5 len 5

Apr 1 09:51:38: BR1/1:1 MCB: Start

Apr 1 09:51:38: BR1/1:1 MCB: Callback not authorized for this user schniepp

Apr 1 09:51:38: BR1/1:1 MCB: Newstate 0-INIT -> 2-WAIT_RESPONSE

Apr 1 09:51:38: BRI1/1:1 PPP: O MCB Request(1) id 75 len 6

Apr 1 09:51:38: BRI1/1:1 MCB: O 1 4B 0 6 1 2

Apr 1 09:51:38: BR1/1:1 MCB: O Request Id 75 Callback Type None

Apr 1 09:51:38: BR1/1:1 PPP: Phase is CBCP

Apr 1 09:51:38: BRI1/1:1 PPP: I MCB Response(2) id 75 len 6

Apr 1 09:51:38: BRI1/1:1 MCB: I 2 4B 0 6 1 2

Apr 1 09:51:38: BR1/1:1 MCB: Received response

Apr 1 09:51:38: BR1/1:1 MCB: Response CBK-None 1 2

Apr 1 09:51:38: BRI1/1:1 PPP: O MCB Ack(3) id 76 len 6

Apr 1 09:51:38: BRI1/1:1 MCB: O 3 4C 0 6 1 2

Apr 1 09:51:38: BR1/1:1 MCB: O Ack Id 76 Callback Type None

Apr 1 09:51:38: BR1/1:1 MCB: No Callback negotiated; Exit

Apr 1 09:51:38: BR1/1:1 MCB: Flush

Apr 1 09:51:38: BR1/1:1 PPP: Phase is VIRTUALIZED

Apr 1 09:51:38: Vi1 MCB: Initialize

Apr 1 09:51:38: Vi1 PPP: Phase is DOWN, Setup

Apr 1 09:51:38: Vi1 CCP: Compression already closed

Apr 1 09:51:38: Vi1 CCP: Compression already closed

Apr 1 09:51:38: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up

Apr 1 09:51:38: Vi1 PPP: Authorization NOT required

Apr 1 09:51:38: Vi1 PPP: Treating connection as a callin

Apr 1 09:51:38: Vi1 PPP: Phase is ESTABLISHING, Passive Open

Apr 1 09:51:38: Vi1 LCP: State is Listen

Apr 1 09:51:38: Vi1 MLP: Added first link BR1/1:1 to bundle schniepp

Apr 1 09:51:38: Vi1 PPP: Phase is UP

Apr 1 09:51:38: Vi1 IPCP: O CONFREQ [Closed] id 1 len 16

Apr 1 09:51:38: Vi1 IPCP: CompressType VJ 15 slots (0x0206002D0F00)

Apr 1 09:51:38: Vi1 IPCP: Address 192.168.21.1 (0x0306C0A81501)

Apr 1 09:51:38: Vi1 CCP: Compression already closed

Apr 1 09:51:38: Vi1 CCP: O CONFREQ [Closed] id 1 len 10

Apr 1 09:51:38: Vi1 CCP: MS-PPC supported bits 0x00000001 (0x120600000001)

Apr 1 09:51:38: Vi1 CCP: I CONFREQ [REQsent] id 2 len 10

Apr 1 09:51:38: Vi1 CCP: MS-PPC supported bits 0x00000001 (0x120600000001)

Apr 1 09:51:38: Vi1 CCP: O CONFACK [REQsent] id 2 len 10

Apr 1 09:51:38: Vi1 CCP: MS-PPC supported bits 0x00000001 (0x120600000001)

Apr 1 09:51:38: Vi1 IPCP: I CONFREQ [REQsent] id 3 len 16

Apr 1 09:51:38: Vi1 IPCP: CompressType VJ 15 slots CompressSlotID (0x0206002

D0F01)

Apr 1 09:51:38: Vi1 IPCP: Address 0.0.0.0 (0x030600000000)

Apr 1 09:51:38: Vi1 IPCP: Pool returned 192.168.21.50

Apr 1 09:51:38: Vi1 IPCP: O CONFNAK [REQsent] id 3 len 10

Apr 1 09:51:38: Vi1 IPCP: Address 192.168.21.50 (0x0306C0A81532)

Apr 1 09:51:38: Vi1 IPCP: I CONFACK [REQsent] id 1 len 16

Apr 1 09:51:38: Vi1 IPCP: CompressType VJ 15 slots (0x0206002D0F00)

Apr 1 09:51:38: Vi1 IPCP: Address 192.168.21.1 (0x0306C0A81501)

Apr 1 09:51:38: Vi1 CCP: I CONFACK [ACKsent] id 1 len 10

Apr 1 09:51:38: Vi1 CCP: MS-PPC supported bits 0x00000001 (0x120600000001)

Apr 1 09:51:38: Vi1 CCP: State is Open

Apr 1 09:51:38: Vi1 CCP: ppp_hwcomp_open: no h/w

Apr 1 09:51:38: Vi1 IPCP: I CONFREQ [ACKrcvd] id 4 len 16

Apr 1 09:51:38: Vi1 IPCP: CompressType VJ 15 slots CompressSlotID (0x0206002

D0F01)

Apr 1 09:51:38: Vi1 IPCP: Address 192.168.21.50 (0x0306C0A81532)

Apr 1 09:51:38: Vi1 IPCP: O CONFACK [ACKrcvd] id 4 len 16

Apr 1 09:51:38: Vi1 IPCP: CompressType VJ 15 slots CompressSlotID (0x0206002

D0F01)

Apr 1 09:51:38: Vi1 IPCP: Address 192.168.21.50 (0x0306C0A81532)

Apr 1 09:51:38: Vi1 IPCP: State is Open

Apr 1 09:51:38: Di11 IPCP: Install route to 192.168.21.50

Apr 1 09:51:38: Vi1 IPCP: Add link info for cef entry 192.168.21.50

Apr 1 09:51:39: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI1/1:1, chang

ed state to up

Apr 1 09:51:39: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1

, changed state to up

asterix#

Apr 1 09:51:42: %ISDN-6-CONNECT: Interface BRI1/1:1 is now connected to 0718188

137 schniepp

The error is here:

Callback not authorized for this user schniepp

Make sure that there is a username with a callback-dialstring for schniepp.

Note too that you have PAP configured on BRI1/1, and CHAP on the dialer rotary-group.

There's a username: username schniepp callback-dialstring 00718188137 password xxx

BTW I added "ppp authentication pap chap callin callback" on bri1/1 and the dialer rotary-group.

This config worked with 12.2(7) and doesn't work with 12.2(8)T4. This should be a bug.

Since you do not have AAA enabled, the global username is all that is required to authorize callback for a particular user. If you see this working in 12.2(7) but not 12.2(8)T4, and you see the "not authorized" debug message even when you have a username configured for that user with a callback-dialstring, then this is a bug. I do not see any bug ID's that match such behavior (which may be only a 12.2T problem), so I would suggest you open a case with the TAC to have this problem pursued further.

horst.thivessen
Level 1
Level 1

Hello,

I have just already a problem like you.

My solution was to set the timer for recalling higher.

replace: dialer enable-timeout 2

to: dialer enable-timeout 7

Good luck

Horst

Horst,

thanks for your help, but unfortunately this wasn't my problem. I'm convinced that this is a bug since this configuration was working with a previous release.

Review Cisco Networking for a $25 gift card