Re: ISDN Connectivity problem

ddnicholls · ‎04-30-2003

I have a 2611 in a hub site, and another at a spoke site. The hub site router is acting as a simple access router with an E1 card transferring requests to a Radius server. This part works fine locally however when dialling up remotely, the hub router hangs the line up after a few seconds without even attempting to authenticate. Hub config is below, the spoke sited were dialling successfully to a Tigris router. Any help appreciated.

Thanks

Dean

version 12.1

no service single-slot-reload-enable

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname mel04

!

logging rate-limit console 10 except errors

aaa new-model

enable password 7 045E1B570C345E4B

!

ip subnet-zero

!

no ip finger

no ip domain-lookup

!

isdn switch-type primary-net5

!

--More-- !

controller E1 1/0

pri-group timeslots 1-31

!

interface Ethernet0/0

description Connected to HP Switch on mel04 VLAN

ip address 202.81.96.122 255.255.255.252

full-duplex

!

interface Ethernet0/1

no ip address

shutdown

half-duplex

!

interface Serial1/0:15

no ip address

isdn switch-type primary-net5

isdn T310 30000

no cdp enable

!

interface Dialer0

no ip address

--More-- no cdp enable

!

interface Dialer1

description connected to dial in PCs(ISDN)

no ip address

encapsulation ppp

no ip split-horizon

dialer in-band

dialer-group 1

peer default ip address pool mel04-Group-1

ppp authentication chap pap callin

ppp multilink

!

router rip

version 2

network 202.81.96.0

no auto-summary

!

ip local pool me104-Group-1 203.81.106.1 203.81.106.30

ip classless

ip default-network 202.81.96.0

ip http server

!

--More-- snmp-server community public RO

snmp-server location Richmond

radius-server host 202.81.96.93 auth-port 1645 acct-port 1646 key 7 050C051B285F5E

radius-server host 202.81.96.94 auth-port 1645 acct-port 1646 key 7 10490A0D0C0402

radius-server host 202.81.96.99 auth-port 1645 acct-port 1646 key 7 07082258471A09

radius-server retransmit 3

!

line con 0

exec-timeout 0 0

password 7 11071C0E031319

transport input none

line aux 0

line vty 0 4

password 7 082F49451D1817

!

no scheduler allocate

end

xge · ‎04-30-2003

I think there is some configuration problem. You have to enable aaa authentication. You can refer to the URL to enable auth:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt1/scdathen.htm

Hope it helpful.

ddnicholls · ‎04-30-2003

My apologies, I posted an old config, here is the correct one.

sh run

Building configuration...

Current configuration : 2183 bytes

!

version 12.1

no service single-slot-reload-enable

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname mel04

!

logging rate-limit console 10 except errors

aaa new-model

aaa authentication login default group radius

aaa authentication login NO_RADIUS local

aaa authentication ppp default group radius

aaa authorization exec default group radius

aaa authorization exec NO_RADIUS local

aaa authorization network default local group radius

aaa accounting send stop-record authentication failure

aaa accounting exec default start-stop group radius

aaa accounting network default start-stop group radius

enable password 7 045E1B570C345E4B

--More-- !

username root password 7 151C0E07102B39

ip subnet-zero

!

no ip finger

no ip domain-lookup

ip name-server 202.81.96.82

!

isdn switch-type primary-ts014

!

controller E1 1/0

pri-group timeslots 1-31

!

interface Ethernet0/0

description Connected to HP Switch on mel04 VLAN

ip address 202.81.105.66 255.255.255.252

full-duplex

!

interface Ethernet0/1

no ip address

--More-- shutdown

half-duplex

!

interface Serial1/0:15

no ip address

isdn switch-type primary-ts014

no cdp enable

!

interface Dialer0

no ip address

no cdp enable

!

interface Dialer1

description connected to dial in PCs(ISDN)

no ip address

encapsulation ppp

no ip split-horizon

dialer in-band

dialer-group 1

peer default ip address pool mel04-Group-1

ppp authentication chap pap callin

ppp multilink

!

--More-- ip local pool me104-Group-1 203.81.106.1 203.81.106.30

ip classless

ip default-network 202.81.105.0

ip route 0.0.0.0 0.0.0.0 202.81.105.65

ip http server

!

snmp-server community public RO

snmp-server location Richmond

radius-server host 202.81.96.93 auth-port 1645 acct-port 1646 key 7 050C051B285F5E

radius-server host 202.81.96.94 auth-port 1645 acct-port 1646 key 7 10490A0D0C0402

radius-server host 202.81.96.99 auth-port 1645 acct-port 1646 key 7 07082258471A09

radius-server retransmit 3

!

line con 0

exec-timeout 0 0

password 7 11071C0E031319

transport input none

line aux 0

line vty 0 4

password 7 06080A2A584F1B

--More-- authorization exec NO_RADIUS

login authentication NO_RADIUS

!

no scheduler allocate

end

mel04#

rjackson · ‎05-01-2003

you need to link the serial pri to the dialer int with a pool.

on serial int put:

dialer pool-member 1

on dialer int put:

dialer pool 1

ddnicholls · ‎05-01-2003

This router is not performing any CHAP authentication, simply passing the information through to a Win2K Radius server. Does it still need dialer pools? I understood they were only required in the case of an access router, or do I need to set up authentication from the remote router to allow it to pass through to the Radius server, ie a user name for the remote router?

Thanks