05-30-2002 04:03 AM - edited 03-01-2019 09:56 PM
Current the 3620 is configured from Aynch connection and DDR.
When attempting to configure the 3620 to accept calls the ISDN connection is established, authentication is successful but when it gets to "registering your computer on the network" the client gets ERROR 619: The Specified port is not connected" - WHAT CAN BE CAUSING THIS ERROR?
Looking at the debug output it looks like the authorisation is failing. We use Cisco ACS v2.6 for WinNT/2000 and the users authenticate against the SAM database.
Any suggestion would be appreciated.
-------------
Below is a truncated config and the debug output for more information:
CONFIGURATION OF CISCO 3620
!
version 12.1
no service single-slot-reload-enable
service timestamps debug datetime
service timestamps log datetime
service password-encryption
!
hostname 3620_RAS
!
logging buffered 4096 debugging
logging rate-limit console 10 except errors
aaa new-model
aaa authentication login default group tacacs+
aaa authentication login aaatacacs group tacacs+ line
aaa authentication login no_tacacs enable
aaa authentication enable default group tacacs+ enable
aaa authentication ppp default group tacacs+
aaa authentication ppp ISDN local
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 0 default if-authenticated group tacacs+
aaa authorization commands 1 default if-authenticated group tacacs+
aaa authorization commands 15 default if-authenticated group tacacs+
aaa authorization network default group tacacs+
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
enable secret <omitted>
!
username site1 password <omitted>
username 3620_RAS password <omitted>
modem country mica united-kingdom
ip subnet-zero
!
!
no ip finger
!
virtual-profile if-needed
virtual-profile aaa
async-bootp gateway 172.16.13.254
async-bootp dns-server 172.16.4.1 172.16.4.5
async-bootp nbns-server 172.16.4.5
isdn switch-type primary-net5
chat-script mod "" "ATDT\T" TIMEOUT 60 CONNECT \C
!
!
controller E1 1/0
pri-group timeslots 1-25
!
controller E1 1/1
!
!
interface Loopback0
ip address 172.16.13.254 255.255.255.0
!
interface FastEthernet1/0
ip address 172.16.12.4 255.255.255.0
speed 100
full-duplex
!
interface Serial1/0:15
description +++ ISDN 30 with 24 channels +++
no ip address
encapsulation ppp
dialer pool-member 1
dialer pool-member 4
no snmp trap link-status
isdn switch-type primary-net5
isdn incoming-voice modem
ppp authentication chap pap
!
interface Group-Async1
ip unnumbered Loopback0
encapsulation ppp
carrier-delay msec 0
timeout absolute 120 0
dialer in-band
dialer idle-timeout 600
dialer-group 10
async mode interactive
peer default ip address pool Async-addr-pool
no fair-queue
ppp callback accept
ppp authentication ms-chap
group-range 1 30
!
interface Dialer1
ip address 172.16.14.29 255.255.255.252
encapsulation ppp
dialer pool 1
dialer remote-name site1
dialer idle-timeout 600
dialer string <omitted>
dialer load-threshold 150 outbound
dialer max-call 2
dialer-group 1
no cdp enable
ppp authentication chap ISDN
ppp multilink
!
interface Dialer4
description ++ ISDN RAS Configuration +++
ip unnumbered Loopback0
encapsulation ppp
dialer in-band
dialer idle-timeout 3600
dialer-group 4
peer default ip address pool async_addr_pool
no cdp enable
ppp authentication ms-chap
ppp multilink
!
router eigrp 10
redistribute static
passive-interface Serial1/0:15
passive-interface Group-Async1
passive-interface Dialer1
passive-interface Dialer4
network 172.16.0.0
no auto-summary
no eigrp log-neighbor-changes
!
ip local pool Async-addr-pool 172.16.13.1 172.16.13.50
ip classless
ip route 172.16.15.0 255.255.255.192 Dialer1
ip http server
!
no logging trap
access-list 100 permit ip any any
access-list 104 permit ip any any
dialer-list 4 protocol ip list 104
dialer-list 10 protocol ip list 100
tacacs-server host 172.16.4.5
tacacs-server key <omitted>
!
line con 0
exec-timeout 30 0
password <omitted>
transport input none
line 1 30
session-timeout 120
timeout login response 120
autoselect ppp
session-disconnect-warning 900
script callback mod
modem InOut
modem autoconfigure type mica
transport preferred none
transport input all
transport output pad v120 telnet rlogin udptn
callback forced-wait 5
line aux 0
line vty 0 4
exec-timeout 60 0
password <ommited>
login authentication aaatacacs
!
end
---------------------------------
DEBUG OUTPUT
ppp authentication
aaa authentication, authorization and accounting
May 30 10:48:24 172.16.12.4 2954: *Mar 11 03:12:12: Se1/0:5 AAA/AUTHOR/VP (4059451044): Port='Serial1/0:5' list='' service=NET
May 30 10:48:24 172.16.12.4 2955: *Mar 11 03:12:12: AAA/AUTHOR/VP: Se1/0:5 (4059451044) user='testuser'
May 30 10:48:24 172.16.12.4 2956: *Mar 11 03:12:12: Se1/0:5 AAA/AUTHOR/VP (4059451044): send AV service=ppp
May 30 10:48:24 172.16.12.4 2957: *Mar 11 03:12:12: Se1/0:5 AAA/AUTHOR/VP (4059451044): send AV protocol=ip
May 30 10:48:24 172.16.12.4 2958: *Mar 11 03:12:12: Se1/0:5 AAA/AUTHOR/VP (4059451044): found list "default"
May 30 10:48:24 172.16.12.4 2959: *Mar 11 03:12:12: Se1/0:5 AAA/AUTHOR/VP (4059451044): Method=tacacs+ (tacacs+)
May 30 10:48:24 172.16.12.4 2960: *Mar 11 03:12:12: AAA/AUTHOR/TAC+: (4059451044): user=testuser
May 30 10:48:24 172.16.12.4 2961: *Mar 11 03:12:12: AAA/AUTHOR/TAC+: (4059451044): send AV service=ppp
May 30 10:48:24 172.16.12.4 2962: *Mar 11 03:12:12: AAA/AUTHOR/TAC+: (4059451044): send AV protocol=ip
May 30 10:48:24 172.16.12.4 2963: *Mar 11 03:12:12: AAA/ACCT/DS0: channel=5, ds1=0, t3=0, slot=1, ds0=16777221
May 30 10:48:24 172.16.12.4 2964: *Mar 11 03:12:12: %ISDN-6-DISCONNECT: Interface Serial1/0:5 disconnected from 0123456789 testuser, call lasted 1 seconds
May 30 10:48:24 172.16.12.4 2965: *Mar 11 03:12:12: AAA/ACCT: user testuser, acct type 2 (3076794814): Method=tacacs+ (tacacs+)
May 30 10:48:24 172.16.12.4 2966: *Mar 11 03:12:12: TAC+: (4059451044): received author response status = PASS_ADD
May 30 10:48:24 172.16.12.4 2967: *Mar 11 03:12:12: Se1/0:5 AAA/AUTHOR (4059451044): Post authorization status = PASS_ADD
May 30 10:48:24 172.16.12.4 2968: *Mar 11 03:12:12: Se1/0:5 AAA/AUTHOR/VP (68584559): Port='Serial1/0:5' list='' service=NET
May 30 10:48:24 172.16.12.4 2969: *Mar 11 03:12:12: AAA/AUTHOR/VP: Se1/0:5 (68584559) user='testuser'
May 30 10:48:24 172.16.12.4 2970: *Mar 11 03:12:12: Se1/0:5 AAA/AUTHOR/VP (68584559): send AV service=ppp
May 30 10:48:24 172.16.12.4 2971: *Mar 11 03:12:12: Se1/0:5 AAA/AUTHOR/VP (68584559): send AV protocol=ipx
May 30 10:48:24 172.16.12.4 2972: *Mar 11 03:12:12: Se1/0:5 AAA/AUTHOR/VP (68584559): found list "default"
May 30 10:48:24 172.16.12.4 2973: *Mar 11 03:12:12: Se1/0:5 AAA/AUTHOR/VP (68584559): Method=tacacs+ (tacacs+)
May 30 10:48:24 172.16.12.4 2974: *Mar 11 03:12:12: AAA/AUTHOR/TAC+: (68584559): user=testuser
May 30 10:48:24 172.16.12.4 2975: *Mar 11 03:12:12: AAA/AUTHOR/TAC+: (68584559): send AV service=ppp
May 30 10:48:24 172.16.12.4 2976: *Mar 11 03:12:12: AAA/AUTHOR/TAC+: (68584559): send AV protocol=ipx
May 30 10:48:24 172.16.12.4 2977: *Mar 11 03:12:12: TAC+: (3076794814): received acct response status = SUCCESS
May 30 10:48:24 172.16.12.4 2978: *Mar 11 03:12:12: %LINK-3-UPDOWN: Interface Serial1/0:5, changed state to down
May 30 10:48:24 172.16.12.4 2979: *Mar 11 03:12:12: Se1/0:5 AAA/AUTHOR: Duplicate per-user event LCP_DOWN ignored
May 30 10:48:24 172.16.12.4 2980: *Mar 11 03:12:12: AAA/ACCT/ACCT_DISC: Found list "default"
May 30 10:48:24 172.16.12.4 2981: *Mar 11 03:12:12: Serial1/0:5 AAA/DISC: 2/"Lost Carrier"
May 30 10:48:24 172.16.12.4 2982: *Mar 11 03:12:12: AAA/ACCT/ACCT_DISC: Found list "default"
May 30 10:48:24 172.16.12.4 2983: *Mar 11 03:12:12: Serial1/0:5 AAA/DISC/EXT: 1011/"Lost Carrier"
May 30 10:48:24 172.16.12.4 2984: *Mar 11 03:12:12: AAA/ACCT: no attribute "pre-bytes-in" to replace, adding it
May 30 10:48:24 172.16.12.4 2985: *Mar 11 03:12:12: AAA/ACCT: no attribute "pre-bytes-out" to replace, adding it
May 30 10:48:24 172.16.12.4 2986: *Mar 11 03:12:12: AAA/ACCT: no attribute "pre-paks-in" to replace, adding it
May 30 10:48:24 172.16.12.4 2987: *Mar 11 03:12:12: AAA/ACCT: no attribute "pre-paks-out" to replace, adding it
May 30 10:48:24 172.16.12.4 2988: *Mar 11 03:12:12: AAA/ACCT: no attribute "bytes_in" to replace, adding it
May 30 10:48:24 172.16.12.4 2989: *Mar 11 03:12:12: AAA/ACCT: no attribute "bytes_out" to replace, adding it
May 30 10:48:24 172.16.12.4 2990: *Mar 11 03:12:12: AAA/ACCT: no attribute "paks_in" to replace, adding it
May 30 10:48:24 172.16.12.4 2991: *Mar 11 03:12:12: AAA/ACCT: no attribute "paks_out" to replace, adding it
May 30 10:48:24 172.16.12.4 2992: *Mar 11 03:12:12: AAA/ACCT: no attribute "pre-session-time" to replace, adding it
May 30 10:48:24 172.16.12.4 2993: *Mar 11 03:12:12: AAA/ACCT/DS0: channel=5, ds1=0, t3=0, slot=1, ds0=16777221
May 30 10:48:24 172.16.12.4 2994: *Mar 11 03:12:12: AAA/ACCT: no attribute "elapsed_time" to replace, adding it
May 30 10:48:24 172.16.12.4 2995: *Mar 11 03:12:12: AAA/ACCT ISDN xmit=64000 recv=64000 hwidb=61451EB0
May 30 10:48:24 172.16.12.4 2996: *Mar 11 03:12:12: AAA/ACCT/NET/STOP User testuser, Port Serial1/0:5:
May 30 10:48:24 172.16.12.4 2997: task_id=1642 timezone=UTC service=ppp disc-cause=2 disc-cause-ext=1011 pre-bytes-in=149 pre-bytes-out=84 pre-paks-in=7 pre-paks-out=5 bytes_in=58 bytes_out=0 paks_in=2 paks_out=0 pre-session-time=1 connect-progress=65 elapsed_time=0 nas-rx-speed=64000 nas-tx-speed=64000
May 30 10:48:24 172.16.12.4 2998: *Mar 11 03:12:12: AAA/ACCT: user testuser, acct type 2 (3263994692): Method=tacacs+ (tacacs+)
May 30 10:48:24 172.16.12.4 2999: *Mar 11 03:12:12: TAC+: (68584559): received author response status = FAIL
May 30 10:48:24 172.16.12.4 3000: *Mar 11 03:12:12: Se1/0:5 AAA/AUTHOR (68584559): Post authorization status = FAIL
May 30 10:48:24 172.16.12.4 3001: *Mar 11 03:12:13: TAC+: (3263994692): received acct response status = SUCCESS
05-30-2002 09:23 AM
It's hard to say from the debug above. First, the config is a bit funky. You have two pools specified on the serial interface, but only one dialer interface in one of the pools. You should therefore either add MPPP to the serial config (since we will negotiate LCP prior to binding to the profile), or add "dialer caller XXX" to int dialer 1 so that we can immediately bind on CLID.
From the debug the connection is torn down before authorization is even able to complete; you may want to collect the following debugs instead:
debug isdn q931
debup ppp neg
debug aaa authen
debug aaa author
You want to confirm who is initiating the disconnect, and then try to figure out why.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide