Virtual Access Interface not cloned from Template

Discussion in 'Cisco' started by Matthew Melbourne, Nov 11, 2003.

  1. I have an issue with Virtual Profiles running on an AS5300, 12.1(20) with
    CSACS 2.6 as the TACACS+ authenticatio mechanism. The access server serves
    dial-up users (via a group-async interface) and ISDN dial-in users using
    fixed static dialer profiles. I am trying to extend this to use virtual
    profiles for some ISDN dial-in users (to principally download access-lists
    and routes on a per-user basis).

    However, after configuring virtual templates, the virtual access interface
    is not cloned.

    Are any special AAA authorization parameters required on the user's CSACS

    Presumably the PPP authentication/authorization configuration used to
    authenticate the user, as the details configured on the physical serial

    ISDN Caller ID is used to bind inbound calls to the physical dialer
    profile, but the users without static dialer profiles have an ISDN caller
    statement under the physical interface, so the call is not rejected.

    The user is authenticated and authorized but the virtual template is not

    The relevant parts of the configuration are:

    aaa new-model
    aaa authentication login default local
    aaa authentication login TELNET line
    aaa authentication login DIALINPPP group tacacs+ local
    aaa authentication ppp default local
    aaa authentication ppp ROUTERPPP local
    aaa authentication ppp DIALINPPP if-needed group tacacs+ local
    aaa authorization exec DIALINPPP group tacacs+ if-authenticated
    aaa authorization network ROUTERPPP if-authenticated
    aaa authorization network DIALINPPP group tacacs+ local
    aaa accounting network DIALINPPP start-stop group tacacs+
    virtual-profile if-needed
    virtual-profile virtual-template 1
    virtual-profile aaa
    interface Virtual-Template1
    ip unnumbered Loopback0
    interface Serial0:15
    no ip address
    encapsulation ppp
    dialer pool-member 1
    isdn switch-type primary-net5
    isdn caller 5551234
    isdn caller 5557890
    isdn caller 5550001
    isdn incoming-voice modem
    isdn skip-async-callerid-check
    compress stac
    no cdp enable
    ppp authentication chap DIALINPPP
    ppp authorization DIALINPPP
    ppp multilink
    interface Dialer0
    description Dialer Profile #0
    ip unnumbered loopback0
    dialer caller 5551234
    interface Dialer1
    description Dialer Profile #1
    ip unnumbered loopback0
    dialer caller 5557890


    Matthew Melbourne, Nov 11, 2003
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.