What am I missing? (BRI dialin)

Discussion in 'Cisco' started by Garry Glendown, Dec 17, 2004.

  1. Somehow I must be blind ... though it's been a while since I last used a
    BRI for dialin services, it's not _that_ complicated ... especially as
    I'm using parts of an old router config that worked before (though with
    an 11.x IOS)

    OK, I need to provide some temporary ISDN dialin, with radius auth.
    Router is a 7206 w/BRI PA ... here's the port config:

    aaa authentication login dialin local group radius
    aaa authentication ppp dialin local group radius
    aaa authorization network default group radius
    aaa accounting network default start-stop group radius
    aaa accounting connection default start-stop group radius
    aaa session-id common
    [..]
    interface BRI4/0
    ip unnumbered FastEthernet2/0
    ip accounting access-violations
    encapsulation ppp
    dialer idle-timeout 600
    dialer-group 1
    isdn switch-type basic-net3
    isdn answer1 77
    peer default ip address pool dialin
    no keepalive
    no cdp enable
    ppp authentication pap chap callin dialin
    !

    here's some output from the dialin attempt ... I don't even see any
    attempt at querying our radius server ... what really puzzles me is that
    just about the same config worked fine on an old 3620 some years ago ...


    3w4d: ISDN BR4/0 EVENT: process_rxstate: ces/callid 1/0x17 calltype 1
    HOST_INCOMING_CALL
    3w4d: ISDN BR4/0 EVENT: UserIdle: callid 0x17 received ACCEPT_CALL (0x13)
    3w4d: %LINK-3-UPDOWN: Interface BRI4/0:2, changed state to up
    3w4d: BR4/0:2 PPP: Using dialer call direction
    3w4d: BR4/0:2 PPP: Treating connection as a callin
    3w4d: BR4/0:2 PPP: I pkt type 0xC021, datagramsize 48 link[ppp]
    3w4d: BR4/0:2 LCP: I CONFREQ [Listen] id 0 len 44
    3w4d: BR4/0:2 LCP: MagicNumber 0x465E2C9A (0x0506465E2C9A)
    3w4d: BR4/0:2 LCP: PFC (0x0702)
    3w4d: BR4/0:2 LCP: ACFC (0x0802)
    3w4d: BR4/0:2 LCP: Callback 6 (0x0D0306)
    3w4d: BR4/0:2 LCP: MRRU 1614 (0x1104064E)
    3w4d: BR4/0:2 LCP: EndpointDisc 1 Local
    3w4d: BR4/0:2 LCP: (0x1317018E88130EEA6D43DFA62E20450C)
    3w4d: BR4/0:2 LCP: (0xD0547F00000000)
    3w4d: BR4/0:2 PPP: Authorization required
    3w4d: BR4/0:2 LCP: O CONFREQ [Listen] id 57 len 14
    3w4d: BR4/0:2 LCP: AuthProto PAP (0x0304C023)
    3w4d: BR4/0:2 LCP: MagicNumber 0x52241655 (0x050652241655)
    3w4d: BR4/0:2 LCP: O CONFREJ [Listen] id 0 len 11
    3w4d: BR4/0:2 LCP: Callback 6 (0x0D0306)
    3w4d: BR4/0:2 LCP: MRRU 1614 (0x1104064E)
    3w4d: BR4/0:2 PPP: I pkt type 0xC021, datagramsize 48 link[ppp]
    3w4d: BR4/0:2 LCP: I CONFREQ [REQsent] id 1 len 44
    3w4d: BR4/0:2 LCP: MagicNumber 0x465E2C9A (0x0506465E2C9A)
    3w4d: BR4/0:2 LCP: PFC (0x0702)
    3w4d: BR4/0:2 LCP: ACFC (0x0802)
    3w4d: BR4/0:2 LCP: Callback 6 (0x0D0306)
    3w4d: BR4/0:2 LCP: MRRU 1614 (0x1104064E)
    3w4d: BR4/0:2 LCP: EndpointDisc 1 Local
    3w4d: BR4/0:2 LCP: (0x1317018E88130EEA6D43DFA62E20450C)
    3w4d: BR4/0:2 LCP: (0xD0547F00000000)
    3w4d: BR4/0:2 LCP: O CONFREJ [REQsent] id 1 len 11
    3w4d: BR4/0:2 LCP: Callback 6 (0x0D0306)
    3w4d: BR4/0:2 LCP: MRRU 1614 (0x1104064E)
    3w4d: BR4/0:2 LCP: TIMEout: State REQsent
    3w4d: BR4/0:2 LCP: O CONFREQ [REQsent] id 58 len 14
    3w4d: BR4/0:2 LCP: AuthProto PAP (0x0304C023)
    3w4d: BR4/0:2 LCP: MagicNumber 0x52241655 (0x050652241655)
    3w4d: BR4/0:2 PPP: I pkt type 0x008F, datagramsize 24 link[illegal]
    3w4d: BR4/0:2 : Non-NCP packet, discarding
    3w4d: BR4/0:2 LCP: TIMEout: State REQsent
    3w4d: BR4/0:2 LCP: O CONFREQ [REQsent] id 59 len 14
    3w4d: BR4/0:2 LCP: AuthProto PAP (0x0304C023)
    3w4d: BR4/0:2 LCP: MagicNumber 0x52241655 (0x050652241655)
    3w4d: %ISDN-6-CONNECT: Interface BRI4/0:2 is now connected to 59
    8e88130eea6d43dfa62e20450cd0547f00000000
    3w4d: ISDN BR4/0 EVENT: process_rxstate: ces/callid 1/0x17 calltype 1
    HOST_DISCONNECT_ACK
    3w4d: %ISDN-6-DISCONNECT: Interface BRI4/0:2 disconnected from 59
    8e88130eea6d43dfa62e20450cd0547f00000000, call lasted 6 seconds
    3w4d: %LINK-3-UPDOWN: Interface BRI4/0:2, changed state to down

    Any hints appreciated ...

    gg
     
    Garry Glendown, Dec 17, 2004
    #1
    1. Advertisements

  2. I don't see where the other guy agrees to do PAP ... but then it looks
    like maybe an older IOS (what version) where "debug ppp negotiation"
    missed out on the authentication part. So let's mix this in for fun:

    conf t
    service timestamp debug date msec
    end

    debug ppp negotation
    debug ppp authentication
    debug isdn q931
    debug isdn event
    debug aaa authentication
    debug aaa authorization
    debug radius

    Also, make sure that your "dialer-group 1" matches some dialer-list.

    Cheers,

    Aaron

    ---

    ~ Somehow I must be blind ... though it's been a while since I last used a
    ~ BRI for dialin services, it's not _that_ complicated ... especially as
    ~ I'm using parts of an old router config that worked before (though with
    ~ an 11.x IOS)
    ~
    ~ OK, I need to provide some temporary ISDN dialin, with radius auth.
    ~ Router is a 7206 w/BRI PA ... here's the port config:
    ~
    ~ aaa authentication login dialin local group radius
    ~ aaa authentication ppp dialin local group radius
    ~ aaa authorization network default group radius
    ~ aaa accounting network default start-stop group radius
    ~ aaa accounting connection default start-stop group radius
    ~ aaa session-id common
    ~ [..]
    ~ interface BRI4/0
    ~ ip unnumbered FastEthernet2/0
    ~ ip accounting access-violations
    ~ encapsulation ppp
    ~ dialer idle-timeout 600
    ~ dialer-group 1
    ~ isdn switch-type basic-net3
    ~ isdn answer1 77
    ~ peer default ip address pool dialin
    ~ no keepalive
    ~ no cdp enable
    ~ ppp authentication pap chap callin dialin
    ~ !
    ~
    ~ here's some output from the dialin attempt ... I don't even see any
    ~ attempt at querying our radius server ... what really puzzles me is that
    ~ just about the same config worked fine on an old 3620 some years ago ...
    ~
    ~
    ~ 3w4d: ISDN BR4/0 EVENT: process_rxstate: ces/callid 1/0x17 calltype 1
    ~ HOST_INCOMING_CALL
    ~ 3w4d: ISDN BR4/0 EVENT: UserIdle: callid 0x17 received ACCEPT_CALL (0x13)
    ~ 3w4d: %LINK-3-UPDOWN: Interface BRI4/0:2, changed state to up
    ~ 3w4d: BR4/0:2 PPP: Using dialer call direction
    ~ 3w4d: BR4/0:2 PPP: Treating connection as a callin
    ~ 3w4d: BR4/0:2 PPP: I pkt type 0xC021, datagramsize 48 link[ppp]
    ~ 3w4d: BR4/0:2 LCP: I CONFREQ [Listen] id 0 len 44
    ~ 3w4d: BR4/0:2 LCP: MagicNumber 0x465E2C9A (0x0506465E2C9A)
    ~ 3w4d: BR4/0:2 LCP: PFC (0x0702)
    ~ 3w4d: BR4/0:2 LCP: ACFC (0x0802)
    ~ 3w4d: BR4/0:2 LCP: Callback 6 (0x0D0306)
    ~ 3w4d: BR4/0:2 LCP: MRRU 1614 (0x1104064E)
    ~ 3w4d: BR4/0:2 LCP: EndpointDisc 1 Local
    ~ 3w4d: BR4/0:2 LCP: (0x1317018E88130EEA6D43DFA62E20450C)
    ~ 3w4d: BR4/0:2 LCP: (0xD0547F00000000)
    ~ 3w4d: BR4/0:2 PPP: Authorization required
    ~ 3w4d: BR4/0:2 LCP: O CONFREQ [Listen] id 57 len 14
    ~ 3w4d: BR4/0:2 LCP: AuthProto PAP (0x0304C023)
    ~ 3w4d: BR4/0:2 LCP: MagicNumber 0x52241655 (0x050652241655)
    ~ 3w4d: BR4/0:2 LCP: O CONFREJ [Listen] id 0 len 11
    ~ 3w4d: BR4/0:2 LCP: Callback 6 (0x0D0306)
    ~ 3w4d: BR4/0:2 LCP: MRRU 1614 (0x1104064E)
    ~ 3w4d: BR4/0:2 PPP: I pkt type 0xC021, datagramsize 48 link[ppp]
    ~ 3w4d: BR4/0:2 LCP: I CONFREQ [REQsent] id 1 len 44
    ~ 3w4d: BR4/0:2 LCP: MagicNumber 0x465E2C9A (0x0506465E2C9A)
    ~ 3w4d: BR4/0:2 LCP: PFC (0x0702)
    ~ 3w4d: BR4/0:2 LCP: ACFC (0x0802)
    ~ 3w4d: BR4/0:2 LCP: Callback 6 (0x0D0306)
    ~ 3w4d: BR4/0:2 LCP: MRRU 1614 (0x1104064E)
    ~ 3w4d: BR4/0:2 LCP: EndpointDisc 1 Local
    ~ 3w4d: BR4/0:2 LCP: (0x1317018E88130EEA6D43DFA62E20450C)
    ~ 3w4d: BR4/0:2 LCP: (0xD0547F00000000)
    ~ 3w4d: BR4/0:2 LCP: O CONFREJ [REQsent] id 1 len 11
    ~ 3w4d: BR4/0:2 LCP: Callback 6 (0x0D0306)
    ~ 3w4d: BR4/0:2 LCP: MRRU 1614 (0x1104064E)
    ~ 3w4d: BR4/0:2 LCP: TIMEout: State REQsent
    ~ 3w4d: BR4/0:2 LCP: O CONFREQ [REQsent] id 58 len 14
    ~ 3w4d: BR4/0:2 LCP: AuthProto PAP (0x0304C023)
    ~ 3w4d: BR4/0:2 LCP: MagicNumber 0x52241655 (0x050652241655)
    ~ 3w4d: BR4/0:2 PPP: I pkt type 0x008F, datagramsize 24 link[illegal]
    ~ 3w4d: BR4/0:2 : Non-NCP packet, discarding
    ~ 3w4d: BR4/0:2 LCP: TIMEout: State REQsent
    ~ 3w4d: BR4/0:2 LCP: O CONFREQ [REQsent] id 59 len 14
    ~ 3w4d: BR4/0:2 LCP: AuthProto PAP (0x0304C023)
    ~ 3w4d: BR4/0:2 LCP: MagicNumber 0x52241655 (0x050652241655)
    ~ 3w4d: %ISDN-6-CONNECT: Interface BRI4/0:2 is now connected to 59
    ~ 8e88130eea6d43dfa62e20450cd0547f00000000
    ~ 3w4d: ISDN BR4/0 EVENT: process_rxstate: ces/callid 1/0x17 calltype 1
    ~ HOST_DISCONNECT_ACK
    ~ 3w4d: %ISDN-6-DISCONNECT: Interface BRI4/0:2 disconnected from 59
    ~ 8e88130eea6d43dfa62e20450cd0547f00000000, call lasted 6 seconds
    ~ 3w4d: %LINK-3-UPDOWN: Interface BRI4/0:2, changed state to down
    ~
    ~ Any hints appreciated ...
    ~
    ~ gg
     
    Aaron Leonard, Dec 17, 2004
    #2
    1. Advertisements

  3. 12.2(13)T9 ...
    See below ...
    got a general "protocol ip permit" in there, but I always thought the
    dialer list is only for dialout ...

    Btw, ignore the "user-User" lines below, they are from our PBX ...

    *Dec 18 06:52:14.283: ISDN BR4/0 Q931: RX <- SETUP_ACK pd = 8 callref =
    0xA6
    Channel ID i = 0x89
    *Dec 18 06:52:14.711: ISDN BR4/0 Q931: RX <- USER_INFO pd = 8 callref =
    0x81
    User-User i = 0x0406, 'P---i---- ', 0xF10690,
    '---i---- ', 0xF10610, '59 ', 0x06C8,
    '59 ', 0x00
    *Dec 18 06:52:14.731: ISDN BR4/0 Q931: RX <- USER_INFO pd = 8 callref =
    0x81
    User-User i = 0x0406, '0---i----$ 07!27', 0x00
    *Dec 18 06:52:14.779: ISDN BR4/0 Q931: RX <- USER_INFO pd = 8 callref =
    0x81
    User-User i = 0x0406E0, ' ', 0x00
    *Dec 18 06:52:14.795: ISDN BR4/0 Q931: RX <- SETUP pd = 8 callref = 0x74
    Sending Complete
    Bearer Capability i = 0x8890
    Standard = CCITT
    Transer Capability = Unrestricted Digital
    Transfer Mode = Circuit
    Transfer Rate = 64 kbit/s
    Channel ID i = 0x8A
    Calling Party Number i = 0x41, 0x80, '59'
    Plan:ISDN, Type:Subscriber(local)
    Called Party Number i = 0x81, '57'
    Plan:ISDN, Type:Unknown
    *Dec 18 06:52:14.799: ISDN BR4/0 EVENT: process_rxstate: ces/callid
    1/0x1C calltype 1 HOST_INCOMING_CALL
    *Dec 18 06:52:14.799: ISDN BR4/0 EVENT: UserIdle: callid 0x1C received
    ACCEPT_CALL (0x13)
    3w4d: %LINK-3-UPDOWN: Interface BRI4/0:2, changed state to up
    *Dec 18 06:52:14.803: BR4/0:2 PPP: Using dialer call direction
    *Dec 18 06:52:14.803: BR4/0:2 PPP: Treating connection as a callin
    *Dec 18 06:52:14.803: BR4/0:2 PPP: Phase is ESTABLISHING, Passive Open
    *Dec 18 06:52:14.803: BR4/0:2 LCP: State is Listen
    *Dec 18 06:52:14.815: ISDN BR4/0 Q931: RX <- USER_INFO pd = 8 callref =
    0x81
    User-User i = 0x0406, 'p---i----$ 07!27', 0x00
    *Dec 18 06:52:14.851: ISDN BR4/0 Q931: RX <- USER_INFO pd = 8 callref =
    0x81
    User-User i = 0x040690, '----------------', 0x00
    *Dec 18 06:52:15.143: ISDN BR4/0 Q931: RX <- ALERTING pd = 8 callref = 0xA6
    Channel ID i = 0x89
    *Dec 18 06:52:15.231: ISDN BR4/0 Q931: RX <- CONNECT pd = 8 callref = 0xA6
    Date/Time i = 0x040C12071B
    *Dec 18 06:52:15.315: ISDN BR4/0 Q931: RX <- CONNECT_ACK pd = 8 callref
    = 0x74
    *Dec 18 06:52:15.539: BR4/0:2 LCP: I CONFREQ [Listen] id 0 len 44
    *Dec 18 06:52:15.539: BR4/0:2 LCP: MagicNumber 0x26254D82
    (0x050626254D82)
    *Dec 18 06:52:15.539: BR4/0:2 LCP: PFC (0x0702)
    *Dec 18 06:52:15.539: BR4/0:2 LCP: ACFC (0x0802)
    *Dec 18 06:52:15.539: BR4/0:2 LCP: Callback 6 (0x0D0306)
    *Dec 18 06:52:15.539: BR4/0:2 LCP: MRRU 1614 (0x1104064E)
    *Dec 18 06:52:15.539: BR4/0:2 LCP: EndpointDisc 1 Local
    *Dec 18 06:52:15.539: BR4/0:2 LCP: (0x1317018E88130EEA6D43DFA62E20450C)
    *Dec 18 06:52:15.539: BR4/0:2 LCP: (0xD0547F00000000)
    *Dec 18 06:52:15.539: BR4/0:2 PPP: Authorization required
    *Dec 18 06:52:15.539: BR4/0:2 LCP: O CONFREQ [Listen] id 72 len 14
    *Dec 18 06:52:15.539: BR4/0:2 LCP: AuthProto PAP (0x0304C023)
    *Dec 18 06:52:15.539: BR4/0:2 LCP: MagicNumber 0x54975C07
    (0x050654975C07)
    *Dec 18 06:52:15.539: BR4/0:2 LCP: O CONFREJ [Listen] id 0 len 11
    *Dec 18 06:52:15.539: BR4/0:2 LCP: Callback 6 (0x0D0306)
    *Dec 18 06:52:15.539: BR4/0:2 LCP: MRRU 1614 (0x1104064E)
    *Dec 18 06:52:15.735: ISDN BR4/0 Q931: RX <- USER_INFO pd = 8 callref =
    0x81
    User-User i = 0x0406, 'P---I---- ', 0xF10690,
    '---I---- ', 0xF10610, '57 59 ', 0x06C8,
    '57 59 ', 0x00
    *Dec 18 06:52:15.755: ISDN BR4/0 Q931: RX <- USER_INFO pd = 8 callref =
    0x81
    User-User i = 0x0406, '0---I----$ 07!27', 0x00
    *Dec 18 06:52:15.779: ISDN BR4/0 Q931: RX <- USER_INFO pd = 8 callref =
    0x81
    User-User i = 0x0406E0, ' ', 0x00
    *Dec 18 06:52:15.795: ISDN BR4/0 Q931: RX <- USER_INFO pd = 8 callref =
    0x81
    User-User i = 0x0406, 'p---I----$ 07!27', 0x00
    *Dec 18 06:52:15.839: ISDN BR4/0 Q931: RX <- USER_INFO pd = 8 callref =
    0x81
    User-User i = 0x040690, '----------------', 0x00
    *Dec 18 06:52:17.395: BR4/0:2 LCP: I CONFREQ [REQsent] id 1 len 44
    *Dec 18 06:52:17.395: BR4/0:2 LCP: MagicNumber 0x26254D82
    (0x050626254D82)
    *Dec 18 06:52:17.395: BR4/0:2 LCP: PFC (0x0702)
    *Dec 18 06:52:17.395: BR4/0:2 LCP: ACFC (0x0802)
    *Dec 18 06:52:17.395: BR4/0:2 LCP: Callback 6 (0x0D0306)
    *Dec 18 06:52:17.395: BR4/0:2 LCP: MRRU 1614 (0x1104064E)
    *Dec 18 06:52:17.395: BR4/0:2 LCP: EndpointDisc 1 Local
    *Dec 18 06:52:17.395: BR4/0:2 LCP: (0x1317018E88130EEA6D43DFA62E20450C)
    *Dec 18 06:52:17.395: BR4/0:2 LCP: (0xD0547F00000000)
    *Dec 18 06:52:17.395: BR4/0:2 LCP: O CONFREJ [REQsent] id 1 len 11
    *Dec 18 06:52:17.395: BR4/0:2 LCP: Callback 6 (0x0D0306)
    *Dec 18 06:52:17.395: BR4/0:2 LCP: MRRU 1614 (0x1104064E)
    *Dec 18 06:52:17.539: BR4/0:2 LCP: TIMEout: State REQsent
    *Dec 18 06:52:17.539: BR4/0:2 LCP: O CONFREQ [REQsent] id 73 len 14
    *Dec 18 06:52:17.539: BR4/0:2 LCP: AuthProto PAP (0x0304C023)
    *Dec 18 06:52:17.539: BR4/0:2 LCP: MagicNumber 0x54975C07
    (0x050654975C07)
    *Dec 18 06:52:19.555: BR4/0:2 LCP: TIMEout: State REQsent
    *Dec 18 06:52:19.555: BR4/0:2 LCP: O CONFREQ [REQsent] id 74 len 14
    *Dec 18 06:52:19.555: BR4/0:2 LCP: AuthProto PAP (0x0304C023)
    *Dec 18 06:52:19.555: BR4/0:2 LCP: MagicNumber 0x54975C07
    (0x050654975C07)
    *Dec 18 06:52:20.399: BR4/0:2 LCP: I CONFREQ [REQsent] id 2 len 44
    *Dec 18 06:52:20.399: BR4/0:2 LCP: MagicNumber 0x26254D82
    (0x050626254D82)
    *Dec 18 06:52:20.399: BR4/0:2 LCP: PFC (0x0702)
    *Dec 18 06:52:20.399: BR4/0:2 LCP: ACFC (0x0802)
    *Dec 18 06:52:20.399: BR4/0:2 LCP: Callback 6 (0x0D0306)
    *Dec 18 06:52:20.399: BR4/0:2 LCP: MRRU 1614 (0x1104064E)
    *Dec 18 06:52:20.399: BR4/0:2 LCP: EndpointDisc 1 Local
    *Dec 18 06:52:20.399: BR4/0:2 LCP: (0x1317018E88130EEA6D43DFA62E20450C)
    *Dec 18 06:52:20.399: BR4/0:2 LCP: (0xD0547F00000000)
    *Dec 18 06:52:20.399: BR4/0:2 LCP: O CONFREJ [REQsent] id 2 len 11
    *Dec 18 06:52:20.399: BR4/0:2 LCP: Callback 6 (0x0D0306)
    *Dec 18 06:52:20.399: BR4/0:2 LCP: MRRU 1614 (0x1104064E)
    3w4d: %ISDN-6-CONNECT: Interface BRI4/0:2 is now connected to 59
    8e88130eea6d43dfa62e20450cd0547f00000000
    *Dec 18 06:52:20.803: ISDN BR4/0 EVENT: process_rxstate: ces/callid
    1/0x1C calltype 1 HOST_DISCONNECT_ACK
    3w4d: %ISDN-6-DISCONNECT: Interface BRI4/0:2 disconnected from 59
    8e88130eea6d43dfa62e20450cd0547f00000000, call lasted 6 seconds
    3w4d: %LINK-3-UPDOWN: Interface BRI4/0:2, changed state to down
    *Dec 18 06:52:20.803: BR4/0:2 PPP: Sending Acct Event[Down] id[1C1]
    *Dec 18 06:52:20.807: BR4/0:2 LCP: State is Closed
    *Dec 18 06:52:20.807: BR4/0:2 PPP: Phase is DOWN

    Still can't see any attempts at authentication ... radius server doesn't
    log any packets either ... (though auth for terminal login is going
    through it successfully, too)
     
    Garry Glendown, Dec 18, 2004
    #3
  4. P.S. - I tried using a dialup profile on the test-pc that works fine
    with another router, so there shouldn't be any problems there, either ...
     
    Garry Glendown, Dec 18, 2004
    #4
  5. Hi Garry,
    It's not too easy to tell without the complete configs. So these are
    somewhat stabs at the problem...

    I don't see any AAA debug messages showing in your debugs. Do you have the
    command AAA NEW MODEL (activates AAA service) in the config?

    Also I see no reference to the radius server (ie., RADIUS-SERVER HOST
    x.x.x.x KEY yyyyyy) which is required.

    Your AAA AUTHENTICATION LOGIN and AAA AUTHENTICATION PPP statements
    reference the local database (username list within the IOS config) as first
    choice for authentication ahead of the Radius server, so you would not
    necessarily see hits on the Radius server come into play unless that local
    IOS config database doesn't exist.

    Also, for good practice - it's best to place the order of choice for PPP
    authentication as:

    PPP AUTHENTICATION CHAP PAP... rather than having PAP first as PAP passes ID
    and password in plain text and as it is weak security-wise should only be
    used as a last resort.

    FWIW,
    Robert
     
    Bob by the Bay, Dec 18, 2004
    #5
  6. Yup, it's in there ...
    Left that out on the post, but as mentioned before, the router already
    does radius auth for telnet login, so that part is working ..
    Removed the local auth, still no AAA requests going out (or being
    listed) ...
    Had changed that, too ... (was an old config ...)

    For reference, here's a slightly more complete config overview ...




    version 12.2
    no service pad
    service timestamps debug datetime msec
    service timestamps log uptime
    no service password-encryption
    !
    hostname Router
    !
    enable secret 5 xxx
    !
    clock timezone MET 1
    clock summer-time MET-DST recurring last Sun Mar 2:00 3 Sun Oct 2:00
    aaa new-model
    !
    !
    aaa authentication login default local group radius
    aaa authentication login dialin group radius
    aaa authentication ppp tonline local
    aaa authentication ppp dialin group radius
    aaa authorization exec default local group radius
    aaa authorization network default group radius
    aaa accounting network default start-stop group radius
    aaa accounting connection default start-stop group radius
    aaa session-id common
    ip subnet-zero
    no ip source-route
    !
    !
    ip name-server 212.218.0.3
    ip name-server 212.218.212.3
    !
    ip cef
    !
    isdn switch-type basic-net3
    !
    interface FastEthernet2/0
    ip address y.y.y.y 255.255.255.0
    no ip route-cache
    no ip mroute-cache
    duplex full
    tag-switching mtu 1520
    tag-switching ip
    !
    interface FastEthernet3/0
    ip address x.x.x.x 255.255.255.192
    no ip route-cache
    no ip mroute-cache
    duplex full
    tag-switching mtu 1520
    !
    interface BRI4/0
    ip unnumbered FastEthernet3/0
    ip accounting access-violations
    encapsulation ppp
    dialer idle-timeout 600
    dialer-group 1
    isdn switch-type basic-net3
    isdn answer1 57
    peer default ip address pool dialin
    no keepalive
    no cdp enable
    ppp authentication chap pap callin dialin
    !
    interface Ethernet5/0
    no ip address
    shutdown
    duplex full
    pppoe enable
    pppoe-client dial-pool-number 4
    pppoe-client dial-pool-number 1
    !
    interface Dialer1
    mtu 1492
    bandwidth 2048
    ip address negotiated previous
    ip nat outside
    encapsulation ppp
    ip tcp adjust-mss 1416
    ip ospf cost 300
    no ip mroute-cache
    shutdown
    dialer pool 1
    dialer-group 1
    ppp authentication chap pap callin tonline
    ppp pap sent-username password xxx
    !
    !
    router ospf 1
    [..]
    !
    ip local pool dialin x.x.x.240 x.x.x.254
    ip classless
    no ip http server
    !
    !
    dialer-list 1 protocol ip permit
    !
    !
    !
    radius-server host x.x.x.x auth-port 1812 acct-port 1813
    radius-server key 7 xxxx
    radius-server authorization permit missing Service-Type
    call rsvp-sync
    !
    !
    mgcp profile default
    !
    dial-peer cor custom
    !
    line con 0
    line aux 0
    line vty 0 4
    !
    !
    end
     
    Garry Glendown, Dec 18, 2004
    #6
  7. Garry,
    Thanks for the updated info.

    I'm looking at the end of your debug messages:

    3w4d: %ISDN-6-CONNECT: Interface BRI4/0:2 is now connected to 59
    8e88130eea6d43dfa62e20450cd0547f00000000
    *Dec 18 06:52:20.803: ISDN BR4/0 EVENT: process_rxstate: ces/callid <------
    1/0x1C calltype 1 HOST_DISCONNECT_ACK
    3w4d: %ISDN-6-DISCONNECT: Interface BRI4/0:2 disconnected from 59
    8e88130eea6d43dfa62e20450cd0547f00000000, call lasted 6 seconds

    I'm seeing a reference to caller ID "callid" right before the disconnect.

    You might try leaving off the ISDN ANSWER1 57 called ID statement briefly
    and see if the call stays up for more than 6 seconds.
    My thought is that an caller/called ID mismatch may be killing the call
    before it gets to PPP CHAP AUTH.

    Robert

     
    Bob by the Bay, Dec 18, 2004
    #7
  8. Garry Glendown

    gkg Guest

    Nope ... same result ...

    Anyway, I recon I was messing around with it too much yesterday ...
    guess a good night's sleep does help some ...

    I'm using an 801 as a CAPI server (for lock of anything else suitable),
    and noticed that it was accepting the calls it was doing itself ...
    (being on the same bus - strange still, as the router was reporting the
    line up ...) - added the appropriate isdn answer ID, and the output on
    my dialin port now changed to this:

    *Dec 19 07:53:10.631: ISDN BR4/0 EVENT: process_rxstate: ces/callid
    1/0x9 calltype 1 HOST_INCOMING_CALL
    *Dec 19 07:53:10.631: ISDN BR4/0 EVENT: UserIdle: callid 0x9 received
    ACCEPT_CALL (0x13)
    00:23:05: %LINK-3-UPDOWN: Interface BRI4/0:2, changed state to up
    *Dec 19 07:53:10.635: BR4/0:2 PPP: Using dialer call direction
    *Dec 19 07:53:10.635: BR4/0:2 PPP: Treating connection as a callin
    *Dec 19 07:53:10.635: BR4/0:2 PPP: Phase is ESTABLISHING, Passive Open
    *Dec 19 07:53:10.635: BR4/0:2 LCP: State is Listen
    *Dec 19 07:53:12.643: BR4/0:2 LCP: TIMEout: State Listen
    *Dec 19 07:53:12.643: BR4/0:2 PPP: Authorization required
    *Dec 19 07:53:12.643: BR4/0:2 AAA/AUTHOR/LCP: Authorization succeeds
    trivially
    *Dec 19 07:53:12.643: BR4/0:2 LCP: O CONFREQ [Listen] id 18 len 15
    *Dec 19 07:53:12.643: BR4/0:2 LCP: AuthProto CHAP (0x0305C22305)
    *Dec 19 07:53:12.643: BR4/0:2 LCP: MagicNumber 0xD078E30E
    (0x0506D078E30E)
    *Dec 19 07:53:14.659: BR4/0:2 LCP: TIMEout: State REQsent
    *Dec 19 07:53:14.659: BR4/0:2 LCP: O CONFREQ [REQsent] id 19 len 15
    *Dec 19 07:53:14.659: BR4/0:2 LCP: AuthProto CHAP (0x0305C22305)
    *Dec 19 07:53:14.659: BR4/0:2 LCP: MagicNumber 0xD078E30E
    (0x0506D078E30E)
    00:23:11: %ISDN-6-CONNECT: Interface BRI4/0:2 is now connected to 59
    *Dec 19 07:53:16.635: ISDN BR4/0 EVENT: process_rxstate: ces/callid
    1/0x9 calltype 1 HOST_DISCONNECT_ACK
    00:23:11: %ISDN-6-DISCONNECT: Interface BRI4/0:2 disconnected from 59 ,
    call lasted 6 seconds
    00:23:11: %LINK-3-UPDOWN: Interface BRI4/0:2, changed state to down
    *Dec 19 07:53:16.635: BR4/0:2 PPP: Sending Acct Event[Down] id[9]
    *Dec 19 07:53:16.639: BR4/0:2 LCP: State is Closed
    *Dec 19 07:53:16.639: BR4/0:2 PPP: Phase is DOWN

    Anyway, the PC I try the dialup with now reports that there was no
    answer ...
    I guess I will try to hook up the outgoing router to a different ISDN
    line tomorrow and see what happens ... guess I can't rule out a basic
    problem with the ISDN lines at the moment, so no real use in messing
    around with it now ...
     
    gkg, Dec 19, 2004
    #8
  9. Garry Glendown

    Cisco Fan Guest

    Hm ... changed the dialin line from the router, also tried dialing in
    from a regular PC, still the same ...

    *Dec 20 08:24:13.097: ISDN BR4/0 EVENT: process_rxstate: ces/callid
    1/0xF calltype 1 HOST_INCOMING_CALL
    *Dec 20 08:24:13.097: ISDN BR4/0 EVENT: UserIdle: callid 0xF received
    ACCEPT_CALL (0x13)
    1d00h: %LINK-3-UPDOWN: Interface BRI4/0:2, changed state to up
    *Dec 20 08:24:13.101: BR4/0:2 PPP: Using dialer call direction
    *Dec 20 08:24:13.101: BR4/0:2 PPP: Treating connection as a callin
    *Dec 20 08:24:13.101: BR4/0:2 PPP: Phase is ESTABLISHING, Passive Open
    *Dec 20 08:24:13.101: BR4/0:2 LCP: State is Listen
    *Dec 20 08:24:15.101: BR4/0:2 LCP: TIMEout: State Listen
    *Dec 20 08:24:15.101: BR4/0:2 PPP: Authorization required
    *Dec 20 08:24:15.101: BR4/0:2 AAA/AUTHOR/LCP: Authorization succeeds
    trivially
    *Dec 20 08:24:15.101: BR4/0:2 LCP: O CONFREQ [Listen] id 26 len 15
    *Dec 20 08:24:15.101: BR4/0:2 LCP: AuthProto CHAP (0x0305C22305)
    *Dec 20 08:24:15.101: BR4/0:2 LCP: MagicNumber 0xD5BBAA56
    (0x0506D5BBAA56)
    *Dec 20 08:24:17.117: BR4/0:2 LCP: TIMEout: State REQsent
    *Dec 20 08:24:17.117: BR4/0:2 LCP: O CONFREQ [REQsent] id 27 len 15
    *Dec 20 08:24:17.117: BR4/0:2 LCP: AuthProto CHAP (0x0305C22305)
    *Dec 20 08:24:17.117: BR4/0:2 LCP: MagicNumber 0xD5BBAA56
    (0x0506D5BBAA56)
    1d00h: %ISDN-6-CONNECT: Interface BRI4/0:2 is now connected to 59
    *Dec 20 08:24:19.101: ISDN BR4/0 EVENT: process_rxstate: ces/callid
    1/0xF calltype 1 HOST_DISCONNECT_ACK
    1d00h: %ISDN-6-DISCONNECT: Interface BRI4/0:2 disconnected from 59 ,
    call lasted 6 seconds
    1d00h: %LINK-3-UPDOWN: Interface BRI4/0:2, changed state to down
    *Dec 20 08:24:19.101: BR4/0:2 PPP: Sending Acct Event[Down] id[11]
    *Dec 20 08:24:19.101: BR4/0:2 LCP: State is Closed
    *Dec 20 08:24:19.105: BR4/0:2 PPP: Phase is DOWN
     
    Cisco Fan, Dec 20, 2004
    #9
  10. Garry Glendown

    Ivan Ostreš Guest

    Your problem here is that "the other side" is not reacting to your "CHAP
    proposal". What is the other side? Is it under your administration? Is
    it possible to see the config from it?
     
    Ivan Ostreš, Dec 20, 2004
    #10
  11. Garry Glendown

    Cisco Fan Guest

    The "other side" is a PC (through both network CAPI and a physical ISDN
    card) with dialup networking ... same config on it works with a Lucent
    Ascend Max ... I guess I can try to set up a regular dialout config on a
    router, but the PC dialin should be working w/o any problems ...

    -gg
     
    Cisco Fan, Dec 20, 2004
    #11
  12. Garry Glendown

    Ivan Ostreš Guest

    Hm.. i would try to make router to authenticate only when someone does
    callin to the router, not on callout and would put just PAP on both the
    router and the PC. That should work. If not, post the same debugs after
    this changes..
     
    Ivan Ostreš, Dec 20, 2004
    #12
  13. .... if you have ruled everything except one thing, that one thing left
    must be the solution, no matter how improbable ... or something like
    that ...

    Pulled out another router today, same problems --- hooked it up to the
    NTBA directly and it worked ... turns out one of the cross connects
    between our patch panels is defective - signals got TO the router, but
    the routers signalling never made it back to the PBX ... used a
    different slot, the Cisco worked just as expected ...

    Tnx to all for your suggestions and support ...

    -garry
     
    Garry Glendown, Dec 20, 2004
    #13
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.