AS5300 VPDN and local auth

Discussion in 'Cisco' started by dukgu, Mar 27, 2007.

  1. dukgu

    dukgu Guest

    Greetings!

    Our AS5300 is configured and working very well as
    a local access concentrator together with another
    Cisco LNS. We are using VPDN tunnelling to terminate
    all PPP calls. All PPP authentication is bypassed to
    the LNS, so local authentication is used only to allow
    the admin's exec session.

    Anyway, there is a need to let an admin initiate
    a PPP session and terminate it locally on the AS5300 LAC
    by issuing the command "ppp negotiate".
    In the current configuration (see below) we cannot bypass
    tunnelling, so the "requested address was rejected
    by the server" authorization error is returned
    and the PPP session does not complete negotiation because
    all authentication data is being tunnelled to the LNS,
    where it is checked by RADIUS.

    What should we add to the config to permit local users
    (admin1, admin2) to initiate a PPP session and have
    it terminated locally on the LAC without tunneling them
    to the LNS?


    Thank you very much.

    The current configuration is as follows:
    -----------------------------------
    IOS Version is 12.3(17)
    aaa new-model
    !
    !
    aaa authentication login default local
    aaa authentication login LOCAL none
    aaa session-id common
    ip subnet-zero

    !
    vpdn enable
    vpdn source-ip xxx.xxx.111.4
    vpdn search-order dnis

    !
    vpdn-group Dialup
     request-dialin
      protocol l2tp
      dnis 111111111
      dnis 111111121
     initiate-to ip xxx.xxx.xxx.1 priority 10
     local name LAC1
     l2tp tunnel password 7 05233847283479283B09
    !
    isdn switch-type primary-ni
    !
    username admin1 password 7 023984AB9834545845
    username admin2 password 7 1234873B234C234423
    !
    controller E1 0
     framing NO-CRC4
     clock source line primary
     ....etc
    !
    !
    interface Loopback0
     ip address xxx.xxx.111.4 255.255.255.255
    !
    interface Ethernet0
     ip address xxx.xxx.xxx.120 255.255.255.0
     no ip redirects
     no ip unreachables
     no cdp enable
    !
    interface Group-Async0
     ip unnumbered Loopback0
     no ip redirects
     encapsulation ppp
     no logging event link-status
     dialer in-band
     dialer-group 1
     async mode interactive
     peer default ip address pool POOL
     ppp authentication pap chap
     group-range 1 240
    !
    interface Dialer0
     ip unnumbered Loopback0
     encapsulation ppp
     dialer in-band
     dialer idle-timeout 0
     no peer default ip address
     no cdp enable
     ppp authentication pap chap
     ppp multilink
    !
    !
    interface Dialer1
     ip unnumbered Loopback0
     encapsulation ppp
     dialer in-band
     dialer idle-timeout 0
     dialer extsig
     no peer default ip address
     no cdp enable
     ppp authentication pap chap
     ppp multilink
    !
    ip local pool POOL 111.111.111.1 111.111.111.254
    ip classless
    ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.109
    no ip http server
    !
    mgcp
    mgcp call-agent pgw2 2427 service-type mgcp version 1.0
    mgcp dtmf-relay voip codec all mode nte-gw
    mgcp modem passthrough voip mode nse
    mgcp modem passthrough voip codec g711alaw
    mgcp vad
    mgcp sgcp disconnect notify
    mgcp ip qos dscp cs4 signaling
    mgcp package-capability dtmf-package
    mgcp package-capability rtp-package
    mgcp package-capability nas-package
    mgcp default-package gm-package
    mgcp fax t38 ls_redundancy 1
    mgcp fax t38 hs_redundancy 1
    mgcp bind control source-interface Loopback0
    mgcp bind media source-interface Loopback0
    !
    !
    mgcp profile default
     timeout tsmax 100
     no max1 lookup
     max1 retries 3
    !
    !
    line con 0
     logging synchronous
     login authentication LOCAL
    line 1 240
     modem Dialin
     transport output none
     autoselect ppp
    !
    ....
    end
    -----------------------------------
     
    dukgu, Mar 27, 2007