03-21-2002 03:05 PM - edited 03-01-2019 08:59 PM
We are using the DialOut-EZ software to dial out via an AS5300 running version 12.0 and authentication via a CISCOSECURE TACACS server. TACACS also provides authentication for logging in to the AS5300 for CLI.
Works fine, but we discovered clients can inadvertently use Hyperterminal or other TELNET software to get into the AS5300 on port 7001. It will then ask them for a password and they can change the password assigned to the dial-out users in TACACS.
How can I restrict the dial-out users so they cannot TELNET in via port 7001 to the AS5300 but still use 7001 for the dial-out?
Thanks.
03-22-2002 05:36 PM
Your question is not too clear to me. Do you mean the DialOut-EZ users do a "telnet 1.1.1.1 7001" (where 1.1.1.1 is the IP address of the 5300) and they land on the router prompt?
~Zulfi
03-25-2002 06:42 AM
Yes. Here is what it looks like
* WARNING This computer employs a security system to prevent
unauthorized access. It is unlawful to attempt to use
this computer or gain access to the data stored, maintained
or processed.
Username:
User Access Verification
Username: the_dialout_userid
Password:
Old Password:
03-25-2002 09:02 AM
TACACS is the one which is asking for the password and old password. Now, on successful authentication, do you get the router prompt? If YES, then somehow that telnet software is ignoring the port 7001 during telnet. 7001 is the rotary port, and with "rotary 1" configured under the line config, it should connect you with the next available modem.
03-25-2002 12:40 PM
Yep, TACACS is asking for the pw. See the screen copy below.
************************
User Access Verification
Username: dial_out_users
Password:
Old Password:
New Password:
Re-enter New password:
Password Changed
************************
My biggest concern is the user can change the TACACS password (as shown above). My other concern is why a W2K machine gets this when connecting to COM4 and my W2K does not, but that problem may be the W2K and DialOut-EZ config.
03-25-2002 09:12 PM
I think there must be a way to disable that password change offer in TACACS. Who is the vendor for TACACS?
Now fire up the DOS prompt on Win2K and do "telnet x.x.x.x 7001" where x.x.x.x is the IP of the router, and see what you are getting. You should get the modem on successful authentication. That process is being automated by DialOut-EZ using a virtual COM port. Thx.. Tejal
03-26-2002 07:37 AM
Telnetting in via port 7001 gets me the Username: and Password: prompt displays I sent you. And if I enter the userid and password I do get to the modem and can issue AT commands.
The problem is the user can change the password if they press ENTER at the first Password: prompt.
I'm running CiscoSecure ACS 2.4 as my TACACS; why does it allow me to change the password? Will I have to put something in the Network Access Restrictions in the userid's account in TACACS to prevent this?
Thanks.
03-22-2002 08:24 PM
If your users do a telnet to the IP of the 5300 and port 7001, then after successful authentication they should get the modem, not the router prompt, where they can use atdtxxxx to dial out.
Pl. post the config and also explain your problem in a little more detail. Thx.. Tejal
03-25-2002 06:46 AM
When telnetting to port 7001 or using the DialOut software pointing to COM4, a connection is made to the router, not the modem. See the last post I made.
Here is the config. Thanks.
!
version 12.0
service timestamps debug datetime msec
service timestamps log datetime
service password-encryption
!
hostname EPE_AS5300
!
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login no_tacacs local
aaa authentication ppp default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa authorization network default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
enable password 7 001asdfasdasdasd5E
!
username Chelmont password 7 010asdfasdfsdf5E70
username Fabens password 7 061asdfasasdfasd54
username Anthony password 7 1asdfasfasfd7A7579
username cisco password 7 14asdfasdfasdfaA75
username VHCASHIER password 7 1asdfasdfasdfasdfasdfasdfasfasasf6061318
username SBCASHIER password 7 02asdfasdfasdfsadfasfa18070E10041C47
username HTCASHIER password 7 08asdfasdfasdfasdfasdfasfsafas3C27303033041E0A0D53
spe 1/0 1/7
firmware location system:/ucode/mica_port_firmware
!
!
resource-pool disable
!
!
!
!
!
ip subnet-zero
ip domain-name intra.epelectric.com
ip name-server 172.19.1.103
ip name-server 192.168.234.41
!
async-bootp dns-server 172.19.1.103 192.168.234.41
isdn switch-type primary-5ess
mta receive maximum-recipients 0
!
!
controller T1 0
framing esf
clock source line primary
linecode b8zs
pri-group timeslots 1-24
description PRI coming through PBX
!
controller T1 1
framing esf
clock source line secondary 1
linecode b8zs
pri-group timeslots 1-24
description PRI coming directly in from ESPIRE
!
controller T1 2
shutdown
!
controller T1 3
shutdown
!
!
process-max-time 200
!
interface Loopback0
ip address 172.23.251.1 255.255.255.0
no ip directed-broadcast
!
interface Ethernet0
description
ip address 192.168.250.3 255.255.255.0
no ip directed-broadcast
no mop enabled
!
interface Serial0:23
ip unnumbered Ethernet0
no ip directed-broadcast
encapsulation ppp
dialer-group 1
isdn switch-type primary-5ess
isdn incoming-voice modem
ppp authentication chap pap
!
interface Serial1:23
ip unnumbered Ethernet0
no ip directed-broadcast
encapsulation ppp
dialer rotary-group 1
dialer-group 1
isdn switch-type primary-5ess
isdn incoming-voice modem
!
interface FastEthernet0
no ip address
no ip directed-broadcast
shutdown
!
interface Group-Async1
ip unnumbered Loopback0
no ip directed-broadcast
encapsulation ppp
ip tcp header-compression passive
async mode interactive
peer default ip address pool epedialin
ppp authentication chap pap
group-range 1 48
!
interface Dialer1
ip address 172.23.250.1 255.255.255.0
no ip directed-broadcast
encapsulation ppp
dialer in-band
dialer idle-timeout 7200
dialer map ip 172.23.1.1 name Chelmont broadcast 97803336
dialer map ip 172.23.2.1 name Fabens
dialer-group 1
ppp authentication chap pap
!
router eigrp 555
network 172.23.0.0
network 192.168.250.0
!
router rip
redistribute connected
redistribute static
network 192.168.250.0
!
ip local pool epedialin 172.23.251.2 172.23.251.250
no ip http server
ip classless
ip route 172.23.1.0 255.255.255.0 172.23.1.1
ip route 172.23.2.0 255.255.255.0 172.23.2.1
ip route 172.23.3.0 255.255.255.0 172.23.3.1
ip route 172.23.101.0 255.255.255.0 172.23.250.101
ip route 172.23.102.0 255.255.255.0 172.23.250.102
ip route 172.23.103.0 255.255.255.0 172.23.250.103
ip route 172.23.104.0 255.255.255.0 172.23.250.104
ip route 172.23.105.0 255.255.255.0 172.23.250.105
ip route 172.23.106.0 255.255.255.0 172.23.250.106
ip route 172.23.107.0 255.255.255.0 172.23.250.107
ip route 172.23.108.0 255.255.255.0 172.23.250.108
ip route 172.23.109.0 255.255.255.0 172.23.250.109
ip route 172.23.110.0 255.255.255.0 172.23.250.110
ip route 172.23.254.0 255.255.255.0 172.23.250.254
!
access-list 101 permit ip any any
dialer-list 1 protocol ip permit
tacacs-server host 192.168.224.19
tacacs-server timeout 20
tacacs-server key 34ygrdcnty
snmp-server engineID local 000000090200003080BD3F6E
snmp-server community wwwww RO
snmp-server community wwwww RW
snmp-server location ELP,Centre
snmp-server contact Information Technology
snmp-server chassis-id RTR777
banner motd
* WARNING This computer employs a security system to prevent
unauthorized access. It is unlawful to attempt to use
this computer or gain access to the data stored, maintained
or processed.
!
line con 0
login authentication no_tacacs
transport input none
line 1 24
autoselect during-login
autoselect ppp
modem Dialin
transport preferred pad telnet rlogin udptn mop v120 lapb-ta
transport output pad telnet rlogin udptn mop v120 lapb-ta
line 25 47
autoselect during-login
autoselect ppp
modem InOut
rotary 1
transport preferred pad telnet rlogin udptn mop v120 lapb-ta
transport input all
transport output pad telnet rlogin udptn mop v120 lapb-ta
line 48
autoselect during-login
autoselect ppp
modem Dialin
transport preferred pad telnet rlogin udptn mop v120 lapb-ta
transport output pad telnet rlogin udptn mop v120 lapb-ta
line aux 0
line vty 0 4
password 7 105EasdfasfasdfA5D
!
!
scheduler interval 1000
end
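As an added illustration (not code from this thread or from Cisco), here is a small audit script that parses a flattened IOS config like the one posted above, finds each line stanza carrying a "rotary" command, and reports the TCP port that reaches it (assumed here to be 7000 + rotary number, as the thread states for 7001), which login method list it uses, and whether "transport input all" is set. The sample config is a constructed, trimmed copy in the same style; the point it surfaces is that the rotary lines fall back to the same "default" login list the CLI uses, which is why the TACACS+ password-change prompts appear there.

```python
# Constructed sample in the style of the AS5300 config posted above (trimmed, no indentation).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login no_tacacs local
snmp-server community wwwww RW
line con 0
login authentication no_tacacs
transport input none
line 25 47
modem InOut
rotary 1
transport input all
line vty 0 4
password 7 105EasdfasfasdfA5D
!
end
"""


def parse_line_blocks(config):
    """Return [(header, [commands])] for each 'line ...' stanza.

    The posted config is flattened (no indentation), so a stanza is taken to
    end at '!', 'end' or the next 'line' header rather than at an indent change.
    """
    blocks, current = [], None
    for raw in config.splitlines():
        text = raw.strip()
        if text.startswith("line "):
            current = (text, [])
            blocks.append(current)
        elif text in ("!", "end"):
            current = None
        elif current is not None:
            current[1].append(text)
    return blocks


def audit_rotary_exposure(config):
    """One finding per rotary line range: reachable TCP port (assumed 7000 + rotary
    number, per the thread), the login method list in effect (IOS falls back to
    'default' when none is set on the line) and whether any transport is accepted."""
    findings = []
    for header, cmds in parse_line_blocks(config):
        rotary = next((c.split()[1] for c in cmds if c.startswith("rotary ")), None)
        if rotary is None:
            continue
        login = next((c.split()[-1] for c in cmds
                      if c.startswith("login authentication ")), "default")
        findings.append({"line": header, "port": 7000 + int(rotary),
                         "login_list": login,
                         "transport_input_all": "transport input all" in cmds})
    return findings
```

Running `audit_rotary_exposure(SAMPLE_CONFIG)` reports line 25 47 on port 7001 using the default list with transport input all; a dedicated login method list on that range is what separates modem logins from CLI logins.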