Virtual Access Interface not cloned from Template

Discussion in 'Cisco' started by Matthew Melbourne, Nov 11, 2003.

  1. I have an issue with Virtual Profiles running on an AS5300, 12.1(20) with
    CSACS 2.6 as the TACACS+ authenticatio mechanism. The access server serves
    dial-up users (via a group-async interface) and ISDN dial-in users using
    fixed static dialer profiles. I am trying to extend this to use virtual
    profiles for some ISDN dial-in users (to principally download access-lists
    and routes on a per-user basis).

    However, after configuring virtual templates, the virtual access interface
    is not cloned.

    Are any special AAA authorization parameters required on the user's CSACS
    configuration?

    Presumably the PPP authentication/authorization configuration used to
    authenticate the user, as the details configured on the physical serial
    interface.

    ISDN Caller ID is used to bind inbound calls to the physical dialer
    profile, but the users without static dialer profiles have an ISDN caller
    statement under the physical interface, so the call is not rejected.

    The user is authenticated and authorized but the virtual template is not
    cloned.

    The relevant parts of the configuration are:

    aaa new-model
    aaa authentication login default local
    aaa authentication login TELNET line
    aaa authentication login DIALINPPP group tacacs+ local
    aaa authentication ppp default local
    aaa authentication ppp ROUTERPPP local
    aaa authentication ppp DIALINPPP if-needed group tacacs+ local
    aaa authorization exec DIALINPPP group tacacs+ if-authenticated
    aaa authorization network ROUTERPPP if-authenticated
    aaa authorization network DIALINPPP group tacacs+ local
    aaa accounting network DIALINPPP start-stop group tacacs+
    !
    virtual-profile if-needed
    virtual-profile virtual-template 1
    virtual-profile aaa
    !
    interface Virtual-Template1
    ip unnumbered Loopback0
    !
    interface Serial0:15
    no ip address
    encapsulation ppp
    dialer pool-member 1
    isdn switch-type primary-net5
    isdn caller 5551234
    isdn caller 5557890
    isdn caller 5550001
    isdn incoming-voice modem
    isdn skip-async-callerid-check
    compress stac
    no cdp enable
    ppp authentication chap DIALINPPP
    ppp authorization DIALINPPP
    ppp multilink
    !
    interface Dialer0
    description Dialer Profile #0
    ip unnumbered loopback0
    dialer caller 5551234
    ....
    !
    interface Dialer1
    description Dialer Profile #1
    ip unnumbered loopback0
    dialer caller 5557890
    ....

    Cheers,

    Matt

    --
    Matthew Melbourne
     
    Matthew Melbourne, Nov 11, 2003
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Shawn
    Replies:
    0
    Views:
    3,804
    Shawn
    May 14, 2004
  2. JustMe
    Replies:
    0
    Views:
    828
    JustMe
    May 24, 2004
  3. Yehavi Bourvine
    Replies:
    1
    Views:
    1,097
    Hansang Bae
    Aug 26, 2004
  4. Gary
    Replies:
    1
    Views:
    2,625
  5. Gary

    Virtual-template keepalive

    Gary, May 13, 2005, in forum: Cisco
    Replies:
    0
    Views:
    913
Loading...

Share This Page