Francisco, Create a new AAA authentication profile (instead of default use a custom name) and set it to local authentication. Apply that on the virtual-template you use for PPTP
Arie -----Original Message----- From: cisco-nsp [mailto:[email protected]] On Behalf Of Francisco Lopez Posadas Sent: Monday, July 21, 2014 08:34 To: [email protected] Subject: [c-nsp] PPPoE and PPtP Problems Hello, my debut with a question and see if you can help me. I currently have a Cisco 7206VXR where I have a Radius server configured for PPPoE. The problem is that I also used for PPTP and that's what I do not. I would like to access through PPTP out under local authentication only, not the radius. I have ver 12.4-24-T2 advance enterprise. I copied the current config in case I see something strange: upgrade fpd auto version 12.4 no service pad service timestamps debug uptime service timestamps log uptime service password-encryption ! hostname xxxxxxxxx ! boot-start-marker boot system disk2:c7200-adventerprisek9-mz.124-24.T2.bin boot-end-marker ! logging message-counter syslog logging snmp-authfail logging queue-limit 100 enable secret 5 ************************* ! aaa new-model ! ! aaa authentication login default local aaa authentication ppp default group radius aaa authorization exec default local aaa authorization network default group radius aaa accounting delay-start aaa accounting update periodic 3 aaa accounting exec default action-type start-stop group radius ! aaa accounting network default action-type start-stop group radius ! aaa accounting network vpdn action-type start-stop group radius ! ! aaa nas port extended aaa server radius dynamic-author server-key 7 ***************** auth-type any ! aaa session-id common ip source-route ip cef ! ! ! multilink bundle-name authenticated vpdn enable ! vpdn-group 1 ! Default PPTP VPDN group accept-dialin protocol pptp virtual-template 1 force-local-chap ! ! ! bba-group pppoe global virtual-template 2 ! ! interface Loopback0 no ip address ! ! interface Virtual-Template1 ip unnumbered GigabitEthernet0/1 ip virtual-reassembly peer default ip address pool vpn-pptp no keepalive ppp encrypt mppe 128 ppp authentication ms-chap pap chap ms-chap-v2 ! interface Virtual-Template2 mtu 1492 ip unnumbered GigabitEthernet0/1.xxx no ip redirects no ip unreachables no ip proxy-arp no snmp trap link-status peer default ip address dhcp-pool pruebas keepalive 4 ppp authentication chap pap ppp ipcp route default ppp multilink ! ip local pool vpn-pptp 10.13.0.9 10.13.0.14 ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 xxxxxxxxxxx no ip http server no ip http secure-server ! ! radius-server host xxx.xxx.xxx.xxx auth-port 1812 acct-port 1813 radius-server timeout 3 radius-server key 7 **************** radius-server vsa send accounting radius-server vsa send authentication ! control-plane ! ! ! ! ! ! ! gatekeeper shutdown ! ! line con 0 password 7 **************************** stopbits 1 line aux 0 stopbits 1 line vty 0 4 password 7 **************************** transport input ssh ! End ThankĀ“s in advance _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
