08-26-2002 09:45 PM - edited 03-02-2019 12:56 AM
I am using a 2503 to test per-user AAA dial-in. The modem is attached to the AUX port, which is set to be an async line. When I dial in using a user with per-user AAA settings, any routed packet incurs very long delays (pings take 1-10s to get responses). If I simultaneously ping the NAS, the response times drop to a more respectable avg 500ms. The same laptop dialled in using a non per-user AAA user gets 150ms ping responses to the NAS and any routed destination (along with expected small additional delays caused by routed links in the path).
Is this a factor of the under-spec'd 2500? Or is this something I have created in the configuration? Sanitised config below:
version 11.3
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service udp-small-servers
service tcp-small-servers
!
hostname APH_DIALGATE
!
aaa new-model
aaa authentication login standard tacacs+
aaa authentication login nwadmin tacacs+ local
aaa authentication ppp standard if-needed tacacs+
aaa authorization exec standard tacacs+
aaa authorization exec nwadmin tacacs+ local
aaa authorization network mustusetacacs tacacs+
aaa authorization network standard if-authenticated tacacs+
aaa accounting exec default start-stop tacacs+
aaa accounting network default start-stop tacacs+
enable secret *************************************
!
username *********** privilege 15 password ********************************
no ip domain-lookup
virtual-profile virtual-template 1
virtual-profile aaa
async-bootp dns-server 10.3.185.16 10.4.185.16
async-bootp nbns-server 10.4.185.16 10.3.185.16
isdn switch-type basic-net3
clock timezone AEST 10
clock summer-time AESuT recurring last Sun Oct 2:00 last Sun Mar 2:00
!
!
!
interface Ethernet0
ip address 172.29.1.14 255.255.0.0
no cdp enable
!
interface Virtual-Template1
ip unnumbered Ethernet0
peer default ip address pool default
ppp authorization mustusetacacs
!
interface Serial0
ip address 172.25.1.2 255.255.255.0
!
interface Serial1
no ip address
shutdown
!
interface BRI0
no ip address
encapsulation ppp
no logging event link-status
dialer rotary-group 0
autodetect encapsulation ppp v120
isdn switch-type basic-net3
isdn incoming-voice modem
no cdp enable
!
interface Async1
ip unnumbered Ethernet0
encapsulation ppp
no logging event link-status
dialer in-band
dialer idle-timeout 86400
autodetect encapsulation ppp
async mode interactive
peer default ip address pool default
no cdp enable
ppp authentication chap standard
ppp authorization standard
!
interface Dialer0
ip unnumbered Ethernet0
encapsulation ppp
no logging event link-status
dialer in-band
dialer idle-timeout 86400
peer default ip address pool default
no cdp enable
ppp authentication chap standard
ppp authorization standard
ppp multilink
!
ip local pool default 172.29.2.1 172.29.2.60
ip local pool GAUSER 172.29.3.1 172.29.3.60
ip classless
ip route 0.0.0.0 0.0.0.0 172.29.1.1
ip route x.x.x.x 255.255.255.255 172.25.1.1
!
!
ip access-list extended GAUSERfilter
permit ip 172.29.3.0 0.0.0.255 host x.x.x.x
deny ip any any
logging console warnings
dialer-list 1 protocol ip permit
tacacs-server host 10.3.185.17 single-connection
tacacs-server timeout 30
tacacs-server key *****************
snmp-server community ******** RO
snmp-server location ***********
snmp-server contact ***************************
!
line con 0
exec-timeout 0 0
authorization exec nwadmin
login authentication nwadmin
line aux 0
session-timeout 60
timeout login response 60
autoselect ppp
session-disconnect-warning 600
authorization exec standard
login authentication standard
modem Dialin
modem autoconfigure discovery
transport input all
speed 38400
flowcontrol hardware
line vty 0 4
exec-timeout 0 0
authorization exec nwadmin
login authentication nwadmin
transport input telnet
!
ntp clock-period 17179761
ntp server 10.1.0.5
scheduler interval 1000
end
09-03-2002 03:24 PM
Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center (http://www.cisco.com/tac) or speak with a TAC engineer. You can open a TAC case online at http://www.cisco.com/tac/caseopen
If anyone else in the forum has some advice, please reply to this thread.
Thank you for posting.