
Cisco 3640

ralphbagaipo
Level 1

I have an existing router (AS5400, IOS 12.2(2)XB12) which works flawlessly with my RADIUS server (XTRadius).

Now I want to add another NAS for my RADIUS server: a 3640 router (12.0(7)T), which has three 16AM (analog modem) network modules.

Now I can't seem to make the second router work with my RADIUS server. Could anyone take a look at this and point out where the problem is?

---------------------------------
Current configuration:
!
version 12.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname router2
!
aaa new-model
aaa authentication ppp default if-needed group radius local
aaa authorization network default group radius
aaa accounting update newinfo
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius
aaa processes 6
enable secret xxxx
!
!
!
!
!
ip subnet-zero
ip cef
ip name-server <ip-omitted>
!
async-bootp subnet-mask 255.255.255.192
async-bootp gateway <ip-omitted>
async-bootp dns-server <ip-omitted>
!
!
interface Loopback0
 no ip address
 no ip directed-broadcast
!
interface FastEthernet0/0
 ip address <ip-omitted> 255.255.255.192
 no ip directed-broadcast
 no ip mroute-cache
 speed auto
 full-duplex
!
!
interface Group-Async0
 ip unnumbered FastEthernet0/0
 no ip directed-broadcast
 encapsulation ppp
 ip tcp header-compression
 async mode interactive
 peer default ip address pool secondpool
 ppp authentication pap
 group-range 33 48
!
interface Group-Async1
 ip unnumbered FastEthernet0/0
 no ip directed-broadcast
 encapsulation ppp
 ip tcp header-compression
 async mode interactive
 peer default ip address pool thirdpool
 no cdp enable
 ppp authentication pap
 group-range 65 80
!
interface Group-Async2
 ip unnumbered FastEthernet0/0
 no ip directed-broadcast
 encapsulation ppp
 ip tcp header-compression
 async mode interactive
 peer default ip address pool fourthpool
 ppp authentication pap
 group-range 97 112
!
router rip
 network <address-omitted>
 network <address-omitted>
!
ip local pool secondpool <ip-range-omitted>
ip local pool thirdpool <ip-range-omitted>
ip local pool fourthpool <ip-range-omitted>
ip default-gateway <ip-omitted>
ip classless
ip route 0.0.0.0 0.0.0.0 <ip-omitted>
no ip http server
!
access-list 1 permit <ip-omitted>
dialer-list 1 protocol ip permit
snmp-server engineID local xxxx
snmp-server community public RO 1
snmp-server host <ip-omitted> public
radius-server host <ip-omitted> auth-port 1812 acct-port 1813
radius-server key <key-omitted>
!
line con 0
 transport input none
line 33 48
 autoselect during-login
 autoselect ppp
 modem InOut
 transport input all
 stopbits 1
 flowcontrol hardware
line 65 80
 autoselect during-login
 autoselect ppp
 modem InOut
 transport input all
 stopbits 1
 flowcontrol hardware
line 97 112
 autoselect during-login
 autoselect ppp
 modem InOut
 transport input all
 stopbits 1
 flowcontrol hardware
line aux 0
line vty 0 4
 <line-omitted>
!
end
------------------------------------------

many thanks!

ralph

4 Replies

paddyxdoyle
Level 6

Your AAA config looks fine to me. I have used the following on a 3620 when authenticating PPP users against a SecureDynamics Ace server:

aaa new-model
radius-server host *.*.*.*
radius-server key 0 radius_key
aaa authentication ppp user-radius group radius
interface Group-Async1
 ppp authentication pap user-radius

If you run "debug radius" and "debug aaa authentication", what do you see in the logs?

It says something about authorization not configured.

What happened is that the authentication stage doesn't reach the RADIUS server.

Here's what I get on debug:

------------------------------------
Oct 28 03:10:43.675: AAA: parse name=tty77 idb type=10 tty=77
Oct 28 03:10:43.675: AAA: name=tty77 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=77 channel=0
Oct 28 03:10:43.675: AAA/MEMORY: create_user (0x610837F8) user='' ruser='' port='tty77' rem_addr='async' authen_type=ASCII 1Oct 28 03:10:43.675: AAA/AUTHEN/START (985866565): port='tty77' list='' action=LOGIN service=LOGIN
Oct 28 03:10:43.675: AAA/AUTHEN/START (985866565): non console login - defaults to local database
Oct 28 03:10:43.675: AAA/AUTHEN/START (985866565): Method=LOCAL
Oct 28 03:10:43.675: AAA/AUTHEN (985866565): status = GETUSER
Oct 28 03:11:13.675: AAA/AUTHEN/ABORT: (985866565) because CTRL-C pressed.
Oct 28 03:11:15.675: AAA/MEMORY: free_user (0x610837F8) user='' ruser='' port='tty77' rem_addr='async' authen_type=ASCII se1Oct 28 03:11:15.675: AAA: parse name=tty77 idb type=10 tty=77
Oct 28 03:11:15.675: AAA: name=tty77 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=77 channel=0
Oct 28 03:11:15.675: AAA/MEMORY: create_user (0x6107D21C) user='' ruser='' port='tty77' rem_addr='async' authen_type=ASCII 1Oct 28 03:11:15.675: AAA/AUTHEN/START (392461941): port='tty77' list='' action=LOGIN service=LOGIN
Oct 28 03:11:15.675: AAA/AUTHEN/START (392461941): non console login - defaults to local database
Oct 28 03:11:15.675: AAA/AUTHEN/START (392461941): Method=LOCAL
Oct 28 03:11:15.675: AAA/AUTHEN (392461941): status = GETUSER
Oct 28 03:11:23.675: AAA/AUTHEN/ABORT: (392461941) because Carrier dropped.
Oct 28 03:11:23.675: AAA/MEMORY: free_user (0x6107D21C) user='' ruser='' port='tty77' rem_addr='async' authen_type=ASCII se1
----------------------------------------------------

thanks
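The debug output above can be triaged mechanically. The script below is an added example written for this thread, not code from the thread, from Cisco or from XTRadius. It parses "debug aaa authentication" output (the lines are copied from the post above), groups the records by AAA session id, and reports for each session the service that was requested (LOGIN or PPP), the method list that was applied (list='' in these lines), the methods actually tried, and how the attempt ended, flagging every session in which no RADIUS method was ever invoked. A constructed, labelled session that does reach RADIUS is included as the negative case. Comparing the reported service against the "aaa authentication" lines in the router config shows which authentication path each call actually took.

```python
"""Triage helper for Cisco 'debug aaa authentication' output.

Added example for this thread; not code from the thread, from Cisco or from
XTRadius.  Groups the debug lines by AAA session id and reports which service
each request was for, which method list applied, which methods were tried and
why the attempt ended.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Debug output copied from the thread.  Two pairs of lines arrived fused in
# the post; they are kept as posted, because every pattern below is applied
# with re.search and still finds the AAA/AUTHEN/START record inside a fused line.
SAMPLE_DEBUG = """\
Oct 28 03:10:43.675: AAA: parse name=tty77 idb type=10 tty=77
Oct 28 03:10:43.675: AAA: name=tty77 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=77 channel=0
Oct 28 03:10:43.675: AAA/MEMORY: create_user (0x610837F8) user='' ruser='' port='tty77' rem_addr='async' authen_type=ASCII 1Oct 28 03:10:43.675: AAA/AUTHEN/START (985866565): port='tty77' list='' action=LOGIN service=LOGIN
Oct 28 03:10:43.675: AAA/AUTHEN/START (985866565): non console login - defaults to local database
Oct 28 03:10:43.675: AAA/AUTHEN/START (985866565): Method=LOCAL
Oct 28 03:10:43.675: AAA/AUTHEN (985866565): status = GETUSER
Oct 28 03:11:13.675: AAA/AUTHEN/ABORT: (985866565) because CTRL-C pressed.
Oct 28 03:11:15.675: AAA/MEMORY: free_user (0x610837F8) user='' ruser='' port='tty77' rem_addr='async' authen_type=ASCII se1Oct 28 03:11:15.675: AAA: parse name=tty77 idb type=10 tty=77
Oct 28 03:11:15.675: AAA: name=tty77 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=77 channel=0
Oct 28 03:11:15.675: AAA/MEMORY: create_user (0x6107D21C) user='' ruser='' port='tty77' rem_addr='async' authen_type=ASCII 1Oct 28 03:11:15.675: AAA/AUTHEN/START (392461941): port='tty77' list='' action=LOGIN service=LOGIN
Oct 28 03:11:15.675: AAA/AUTHEN/START (392461941): non console login - defaults to local database
Oct 28 03:11:15.675: AAA/AUTHEN/START (392461941): Method=LOCAL
Oct 28 03:11:15.675: AAA/AUTHEN (392461941): status = GETUSER
Oct 28 03:11:23.675: AAA/AUTHEN/ABORT: (392461941) because Carrier dropped.
"""

# Constructed lines (not from the thread) showing a request that does reach
# RADIUS, so the report has a negative case to compare against.
SAMPLE_RADIUS_OK = """\
Oct 28 03:20:01.000: AAA/AUTHEN/START (111111111): port='Async33' list='default' action=LOGIN service=PPP
Oct 28 03:20:01.000: AAA/AUTHEN/START (111111111): Method=RADIUS
Oct 28 03:20:01.250: AAA/AUTHEN (111111111): status = PASS
"""

START_RE = re.compile(r"AAA/AUTHEN/START \((\d+)\): port='([^']*)' list='([^']*)' action=(\S+) service=(\S+)")
LOCAL_DEFAULT_RE = re.compile(r"AAA/AUTHEN/START \((\d+)\): non console login - defaults to local database")
METHOD_RE = re.compile(r"AAA/AUTHEN/START \((\d+)\): Method=(\S+)")
STATUS_RE = re.compile(r"AAA/AUTHEN \((\d+)\): status = (\S+)")
ABORT_RE = re.compile(r"AAA/AUTHEN/ABORT: \((\d+)\) because (.+?)\.?$")


@dataclass
class AuthSession:
    sid: str
    port: str = ""
    method_list: str = ""       # '' means no named/default list was applied
    service: str = ""           # LOGIN (exec login) or PPP
    methods: List[str] = field(default_factory=list)
    defaulted_to_local: bool = False
    last_status: str = ""
    abort_reason: str = ""

    def radius_consulted(self) -> bool:
        return "RADIUS" in self.methods


def parse_aaa_debug(text: str) -> Dict[str, AuthSession]:
    """Group debug records by AAA session id (the number in parentheses)."""
    sessions: Dict[str, AuthSession] = {}

    def get(sid: str) -> AuthSession:
        return sessions.setdefault(sid, AuthSession(sid))

    for line in text.splitlines():
        m = START_RE.search(line)
        if m:
            s = get(m.group(1))
            s.port, s.method_list, s.service = m.group(2), m.group(3), m.group(5)
            continue
        m = LOCAL_DEFAULT_RE.search(line)
        if m:
            get(m.group(1)).defaulted_to_local = True
            continue
        m = METHOD_RE.search(line)
        if m:
            get(m.group(1)).methods.append(m.group(2))
            continue
        m = STATUS_RE.search(line)
        if m:
            get(m.group(1)).last_status = m.group(2)
            continue
        m = ABORT_RE.search(line)
        if m:
            get(m.group(1)).abort_reason = m.group(2)
    return sessions


def sessions_without_radius(sessions: Dict[str, AuthSession]) -> List[str]:
    """One report line per session in which no RADIUS method was ever invoked."""
    report = []
    for s in sessions.values():
        if s.radius_consulted():
            continue
        report.append(
            f"session {s.sid} port={s.port} service={s.service} "
            f"list={s.method_list or '(none)'} methods={s.methods or '(none)'} "
            f"defaulted_to_local={s.defaulted_to_local} "
            f"ended={s.abort_reason or s.last_status or '(unknown)'}")
    return report


if __name__ == "__main__":
    for line in sessions_without_radius(parse_aaa_debug(SAMPLE_DEBUG)):
        print(line)
```

To use it on a saved capture, call parse_aaa_debug on the file contents and print each line of sessions_without_radius; a session whose service is LOGIN with an empty list and only LOCAL tried never consulted the RADIUS server at all, so server-side logs will show nothing for it.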

In looking at the debug output, I am especially interested in this line:

Oct 28 03:10:43.675: AAA/AUTHEN/START (985866565): non console login - defaults to local database

This indicates that it is attempting to use the local database for authentication.

I am assuming that it is using the local database because of some problem with RADIUS. There are a couple of things I would check, including:

- Are you sure that the config of the RADIUS server is correct? Is it the correct IP address? Is the key value correct? (To be sure about this I would probably remove the current config entries and manually key in new entries.)

- Is the RADIUS server reachable from this router? Can you ping the server from the router? (I do not remember whether your config specified a source address for RADIUS, but if it did, be sure to do an extended ping to the server and specify the same source address as the router will use for RADIUS.)

- Is the RADIUS server correctly configured to process this router?

- Is there any logging at the RADIUS server to indicate whether it is seeing requests from this router and, if so, how it thinks it is responding?

HTH

Rick

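Rick's first three checks (is the server reachable, is the key right, does the server know this NAS) can be exercised from a workstation with a single PAP Access-Request. The script below is an added example written for this thread, not code from the thread, from Cisco or from XTRadius. It builds the request per RFC 2865 in pure Python and classifies the outcome: no reply means the server is unreachable, the UDP port is filtered, or the sending address is not defined as a client (RFC 2865 has the server silently discard requests from unknown clients); a reply whose Response Authenticator does not verify means the shared key differs; an Access-Reject that does verify means the key is right and only the credentials were refused. The server address, NAS address, username, password and secret are placeholders, not values from the thread. The UDP exchange itself is not exercised offline; the packet encoding, password obfuscation round trip and authenticator check are.

```python
"""Check a RADIUS server's reachability and shared key with one PAP
Access-Request (RFC 2865).

Added example for this thread; not code from the thread, from Cisco or from
XTRadius.  Server address, NAS address, username, password and secret are
placeholders, not values from the thread.
"""
import hashlib
import hmac
import os
import socket
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD, ATTR_NAS_IP_ADDRESS, ATTR_NAS_PORT = 1, 2, 4, 5


def _attr(attr_type: int, value: bytes) -> bytes:
    """Type-Length-Value encoding of one RADIUS attribute."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def pap_obfuscate(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: pad to a 16-byte multiple (at least one block) and
    XOR each block with MD5(secret + previous ciphertext block), the first block
    being keyed from the Request Authenticator."""
    blocks = max(1, (len(password) + 15) // 16)
    padded = password.ljust(blocks * 16, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], keystream))
        out += block
        prev = block
    return out


def pap_deobfuscate(cipher: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """The server-side inverse; included so the round trip can be verified."""
    out, prev = b"", authenticator
    for i in range(0, len(cipher), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = cipher[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, keystream))
        prev = block
    return out.rstrip(b"\x00")


def build_access_request(identifier, username, password, secret, nas_ip, nas_port, authenticator=None):
    """Return (packet, request_authenticator) for a PAP Access-Request."""
    auth = authenticator if authenticator is not None else os.urandom(16)
    attrs = (_attr(ATTR_USER_NAME, username.encode())
             + _attr(ATTR_USER_PASSWORD, pap_obfuscate(password.encode(), secret, auth))
             + _attr(ATTR_NAS_IP_ADDRESS, socket.inet_aton(nas_ip))
             + _attr(ATTR_NAS_PORT, struct.pack("!I", nas_port)))
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    return header + auth + attrs, auth


def build_response(code, identifier, request_auth, secret, attrs=b""):
    """What a server holding the same secret sends back; used to simulate one offline."""
    header = struct.pack("!BBH", code, identifier, 20 + len(attrs))
    resp_auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + resp_auth + attrs


def verify_response(packet, request_auth, secret):
    """Return (code, identifier, authenticator_ok).  RFC 2865 section 3:
    ResponseAuth = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    if len(packet) < 20:
        return None, None, False
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        return code, identifier, False
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:length] + secret).digest()
    return code, identifier, hmac.compare_digest(expected, packet[4:20])


def check_radius(server, secret, username, password, nas_ip, port=1812, timeout=3.0):
    """Send one Access-Request and classify the outcome (needs network access)."""
    identifier = os.urandom(1)[0]
    packet, request_auth = build_access_request(identifier, username, password, secret, nas_ip, 0)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(packet, (server, port))
        try:
            data, _ = sock.recvfrom(4096)
        except socket.timeout:
            return ("no reply: server unreachable, UDP %d filtered, or this source "
                    "address is not defined as a client on the server" % port)
    code, ident, ok = verify_response(data, request_auth, secret)
    if ident != identifier:
        return "reply with unexpected identifier; ignore and retry"
    if not ok:
        return "reply failed the Response Authenticator check: shared key mismatch"
    return {ACCESS_ACCEPT: "Access-Accept: key and credentials OK",
            ACCESS_REJECT: "Access-Reject: key OK, credentials rejected"}.get(code, "code %d" % code)


if __name__ == "__main__":
    # Placeholder values; replace with the lab server, its shared key and the NAS address.
    print(check_radius("192.0.2.1", b"placeholder-secret", "testuser", "testpass", "192.0.2.10"))
```

Run it from a host whose address is defined as a client on the server, or from the NAS subnet, since the server keys its lookup on the source address; the NAS-IP-Address attribute alone does not make an unknown source acceptable.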