
dial-in autocommand telnet - no questions asked

bdavidsson
Level 1

Hi Zulfiqar and thanks for being there.

I have a situation where I want to allow ISDN callers that use UUCP to be able to use my dial-in access server and upon call setup the DNIS (called number) be inspected and based on that number the user is simply forwarded to a UUCP port on my UUCP host.

As I see it VPDN is not the solution because it uses PPP - What I need is clear channel from the user to the tcp port on the UUCP host.

Scenario:

The main number on my PRI ends in 5371

I have obtained a second number that ends in 5372

I think I should be able to assign a line to any caller that calls the 5372 number so that without any authentication the user is forwarded by autocommand to port 540 on the UUCP host, something like

autocommand telnet 172.30.20.130 540

escape-character NONE

But how do I create the line - I think it matters if the caller is on ISDN or modem - It would be nice if both would work but ISDN is the need right now. Also, how do I direct incoming calls for 5372 to this line?

My equipment is Cisco 3640 with 128MB DRAM/32MB FLASH, modules NM-2CE1U and NM-30DM

10 Replies

bdavidsson
Level 1

Followup:

After searching around a bit I thought the solution would be simple like:

username 5372 nopassword noescape dnis

username 5372 autocommand connect 172.30.20.130 540

When I dial in, I get the router prompt but the autocommand seems not to execute...?

Also I am wondering if the connect and noescape are sufficient to prevent any datastream chars from knocking down the session...?

thanks,

-bd-

You are on the right track but you will only get it going if your ISDN users, or in fact their ISDN equipment/TA, are capable of doing V.120. If not, then this functionality is not possible to implement. You can look for V.120 docs on CCO, or I can find some for you, but first you need to check into whether your ISDN users could do V.120.

Thanx and Regards,

~Zulfiqar

Hello again Zulfiqar

OK - yes I have a TA that supports V.120 - Zyxel omni.net LCD ISDN TA with RS-232 - Did some testing but it looks like the Cisco box always wants to initiate PPP on connection - also tried with a modem - got the Cisco prompt but the autocommand wouldn't run? If I run the command from the prompt then I got connected to the UUCP port so the port is not blocked.

this is the last approach I tried:

username 5372 nopassword noescape dnis

username 5372 autocommand telnet 172.30.20.130 540 /stream

One more obstacle cleared...

Added this to the dialer interface:

autodetect encapsulation ppp v120

Now, when I call in, I get the router prompt, just like in the analog dialin to # 5372 but the autocommand seems not to activate and I am still stuck there.. hmmm? - Any hints?

Further update...

The only problem left - This line

username 5372 autocommand telnet 193.x.x.130 540 /stream

is apparently not working.

An ISDN user on V.120 connection gets the next available VTY - I tried configuring vty 5 15 to

line vty 5 15

access-class 3 in

exec-timeout 20160 0

autocommand telnet 193.x.x.130 540 /stream

!

And kept VTY's 0 to 4 occupied, dialed in and bingo - my connection was forwarded to the UUCP box - Also tried to dial in via modem but was reported to be on a digital modem line, not a VTY so the VTY autocommand did not kick in.

The only kneeknocker left is therefore - how do I get the autoconnect to activate as soon as the dnis user logs on?

Define "authorization exec xyz" under line vty 5 15, and then correspondingly make sure you have "aaa authorization exec xyz local" in global config. If it's still not working, please capture the following debugs when you initiate a V.120 dialin:

debug isdn q931
debug modem
debug csm modem
debug ip tcp transaction
debug aaa authen
debug aaa authoriz

It would be good to see your config as well.

Also for now, I would suggest you put the DNIS matching aside and only work on getting autocommand executed for ISDN V.120 users if possible at all.

Thanx and Regards,

~Zulfiqar

Yeess, thanks Zulfiqar!

This now works perfectly for V.120 over ISDN the

aaa authorization exec xyz local

in global configuration and

authorization exec xyz

under the VTY line config fixed it.

Solves very nicely. Still, though - I need to find a method to be able to pull the same trick when I dial in with a modem (actually via GSM) - I still get only the router prompt there since the user does not get a VTY assigned on login. - Any hints there?

Also - I think I need to add /stream to the telnet command to be able to have a non-interrupted TCP connection when I send binary data over the connection - right? Or is it possible that any control chars could tear down the connection?

thanks again,

-bd-

Config sample ...

! Config to redirect incoming calls with V.120 to
! tcp port 540 on a UUCP host
! when number 5372 is dialed (DNIS) number
!
aaa authorization exec UUCP local
!
username 5372 nopassword noescape nohangup dnis
username 5372 autocommand telnet 172.30.20.130 540 /stream
!
!
interface Dialer0
 description Dialer group for ISDN
 [...]
 autodetect encapsulation ppp v120
!
!
line vty 0 4
 [...]
 authorization exec UUCP
line vty 5 15
 [...]
 authorization exec UUCP
!

Still does not work with modem dial-in though.

Suggestions?

You are good to go with /stream in autocommand telnet and "escape-character NONE". For the modem dialin, you need to have the autocommand telnet under the tty lines.

Thanx and Regards,

~Zulfiqar
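
An added example, not part of any post in this thread: a small Python check over an IOS config for the two conditions under which a `nopassword` dial-in user lands at the router prompt as described above (no per-user `autocommand`/`noescape`, or a line whose exec authorization list is not defined as `local`). The sample config is constructed from the one posted; the `guest` user and the `line 65 94` modem range are hypothetical.

```python
import re

# Constructed sample based on the config posted in the thread. The "guest"
# user and the "line 65 94" modem range are hypothetical additions.
SAMPLE = """\
aaa authorization exec UUCP local
username 5372 nopassword noescape nohangup dnis
username 5372 autocommand telnet 172.30.20.130 540 /stream
username guest nopassword
line vty 0 4
 authorization exec UUCP
line vty 5 15
 authorization exec UUCP
line 65 94
 modem InOut
"""

def audit(config):
    """Flag passwordless users and lines that can expose the exec prompt."""
    users, local_lists, lines, current = {}, set(), {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if m := re.match(r"username (\S+) (.+)", text):
            users.setdefault(m.group(1), set()).update(m.group(2).split())
        elif m := re.match(r"aaa authorization exec (\S+) .*\blocal\b", text):
            local_lists.add(m.group(1))
        elif raw.startswith("line "):
            current = text
            lines[current] = "default"  # no per-line list means the default list
        elif current and raw.startswith(" "):
            if m := re.match(r"authorization exec (\S+)", text):
                lines[current] = m.group(1)
        else:
            current = None
    findings = []
    for name, opts in sorted(users.items()):
        if "nopassword" in opts:
            for needed in ("autocommand", "noescape"):
                if needed not in opts:
                    findings.append(f"user {name}: nopassword without {needed}")
    for line, method in lines.items():
        if method not in local_lists:
            findings.append(f"{line}: exec authorization list {method} has no local method")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run against the sample, it reports the `guest` user twice and the modem line range once; the vty lines and user 5372 pass.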

Hi Zulfiqar,

I'm trying to configure a c2500 terminal server to allow a specific number of users to dial in and access local servers using a local authorisation name-list but using radius for authentication, as I want usernames to appear in the c2500 config file but passwords to be stored in radius only. All methods seem to allow only local or only radius for both authentication and authorisation, or default to another if-needed. Any suggestions?

Thanks

Atef