> From: "Oliver Boehmer (oboehmer)" <[EMAIL PROTECTED]> > Date: Wed, 6 Feb 2008 05:13:56 +0100 > To: Nick Voth <[EMAIL PROTECTED]>, <cisco-nsp@puck.nether.net> > Conversation: [c-nsp] PPP Authentication on Serial T1 Interface with PPP > Subject: RE: [c-nsp] PPP Authentication on Serial T1 Interface with PPP > > Nick Voth <> wrote on Tuesday, February 05, 2008 11:14 PM: > >> Hello folks, >> >> Sorry for hammering on the list again for help, but this is my first >> T1 done this way. We have a channelized DS3 coming in on a PA-MC-T3 >> card on a 7206. We are getting LCP errors from the far end. I suspect >> it's because I haven't set up any PPP authentication on the 7206 end, >> BUT I don't know how to get past this. >> >> With "debug ppp auth" enabled I see: >> >> AAA/AUTHOR/LCP: Denied >> >> Here is the config of the individual T1 interface: >> >> interface Serial4/0/1:0 >> description Titan Manufacturing >> ip address 10.0.0.5 255.255.255.252 >> no ip redirects >> no ip unreachables >> no ip proxy-arp >> encapsulation ppp >> no cdp enable >> >> Is there a PPP command that will tell my end, (7206 with the DS3), >> that no authentication is necessary? The far end is a Kentrox T1 >> router and we've never needed to configure a PPP username/password >> with those, when they are talking to each other on both sides of the >> T1. > > I guess you have > > aaa new-model > aaa authorization network default group {tacacs+|radius} ... > > somewhere in your config? This triggers authorization (not > authentication) on your leased line. To "fix" this, just use > > aaa authorization network NOAUTH none > int s4/0/1:0 > ppp authorization NOAUTH > > or use a non-default group on your other interface where you do want to > use authen/author. > > oli
Oliver, Thanks very much. That definitely did the trick! -Nick Voth _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/