05-14-2003 05:22 AM - edited 03-02-2019 07:20 AM
I've had a couple of goes at getting this config correct and am running out of chances. Before I test this in the real world, I'd appreciate it if someone could tell me whether this looks as though it will work.
It is an ISDN hub router simply receiving calls from ISDN spoke routers and passing on the authentication to a Radius server. I am interested in any suggestions, but especially whether the dialer/serial int config is correct.
Thanks,
Dean.
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname mel04
!
logging rate-limit console 10 except errors
aaa new-model
aaa authentication login default group radius
aaa authentication login NO_RADIUS local
aaa authentication ppp default group radius
aaa authorization exec default group radius
aaa authorization exec NO_RADIUS local
aaa authorization network default local group radius
aaa accounting send stop-record authentication failure
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius
enable password 7 045E1B570C345E4B
!
username root password 7 151C0E07102B39
ip subnet-zero
!
!
no ip finger
no ip domain-lookup
ip name-server 202.81.96.82
!
isdn switch-type primary-net5
!
!
controller E1 1/0
pri-group timeslots 1-31
!
!
interface Ethernet0/0
description Connected to HP Switch on mel04 VLAN
ip address 202.81.105.66 255.255.255.252
full-duplex
!
interface Ethernet0/1
no ip address
shutdown
half-duplex
!
interface Serial1/0:15
no ip address
dialer rotary-group 1
isdn switch-type primary-net5
isdn T310 30000
no cdp enable
!
interface Dialer0
no ip address
no cdp enable
!
interface Dialer1
description connected to dial in PCs(ISDN)
no ip address
encapsulation ppp
no ip split-horizon
dialer in-band
dialer-group 1
peer default ip address pool mel04-Group-1
ppp authentication chap pap callin
ppp multilink
!
ip local pool mel04-Group-1 203.81.106.1 203.81.106.30
ip classless
ip default-network 202.81.105.0
ip route 0.0.0.0 0.0.0.0 202.81.105.65
ip http server
!
snmp-server community public RO
snmp-server location Richmond
radius-server host 202.81.96.93 auth-port 1645 acct-port 1646 key 7 050C051B285F
5E
radius-server retransmit 3
!
line con 0
exec-timeout 0 0
password 7 11071C0E031319
transport input none
line aux 0
line vty 0 4
password 7 06080A2A584F1B
authorization exec NO_RADIUS
login authentication NO_RADIUS
!
no scheduler allocate
end
mel04#
Solved! Go to Solution.
05-14-2003 12:20 PM
You need to assign an IP address to the Dialer 1 interface. Also, make sure other routers on your network know how to reach the addresses in your pool, mel04-Group-1.
Mark
05-14-2003 12:18 PM
Some notes:
You should have an IP address on the Dialer1 interface. Setting it to "ip unnumbered Ethernet0/0" is acceptable as well.
Consider setting 'ppp multilink bap' to support dynamically adding and removing a second channel for clients that support BAP.
You probably need something like "dialer-list 1 protocol ip permit" or "dialer-list 1 protocol ip list [an access list]" in order to pass any IP traffic on that interface.
If it doesn't work after changing the above, we'll need to know exactly what happens when you try. Include the output of "debug aaa authentication", "debug aaa authorization", and "debug ppp negotiation".
05-14-2003 02:25 PM
Thanks very much guys, much appreciated, will let you know how it goes.
Dean
05-14-2003 12:20 PM
You need to assign an IP address to the Dialer 1 interface. Also, make sure other routers on your network know how to reach the addresses in your pool, mel04-Group-1.
Mark
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide