It seems we are getting the LCP I 00:27:39: BR0:1 LCP: I TERMREQ [Open] id 3 len 4
not very clear, in fact why is the remote sending LCP O TERM could you collect? (from remote) deb ppp neg deb ppp authen deb aaa author deb isdn q931 deb tacacs regards devvv ----- Original Message ----- From: "Shane Stockman" To: Sent: Friday, July 04, 2003 7:53 PM Subject: Tacacs help required [7:71818] > 1720 router with 128K primary link and ISDN Backup. > Problem > When primary link falls ISDN backup has authentications problems due to > tacacs on both sides (Remote and HQ). > > Here is my Remote side config and debug > > aaa new-model > aaa authentication login default group tacacs+ local > aaa authentication enable default group tacacs+ enable > aaa authentication ppp default local none > aaa authorization exec default local group tacacs+ > aaa authorization network default local none > aaa accounting exec default start-stop group tacacs+ > aaa accounting commands 15 default start-stop group tacacs+ > aaa accounting network default start-stop group tacacs+ > > > Log Buffer (4096 bytes): > CONFREQ [ACKsent] id 8 len 26 > 00:23:49: BR0:1 LCP: MagicNumber 0x0958D9C8 (0x05060958D9C8) > 00:23:49: BR0:1 LCP: EndpointDisc 1 ALBERANTE (0x131001414C424552414E5445 > 5F424D57) > 00:23:49: BR0:1 LCP: I CONFACK [ACKsent] id 8 len 26 > 00:23:49: BR0:1 LCP: MagicNumber 0x0958D9C8 (0x05060958D9C8) > 00:23:49: BR0:1 LCP: EndpointDisc 1 ALBERANTE (0x131001414C424552414E5445 > 5F424D57) > 00:23:49: BR0:1 LCP: State is Open > 00:23:49: BR0:1 PPP: Phase is AUTHENTICATING, by the peer > Jul 2 18:48:06: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to > 011654760 > 0 > 00:24:00: BR0:1 AUTH: Timeout 1 > 00:24:10: BR0:1 AUTH: Timeout 2 > 00:24:20: BR0:1 AUTH: Timeout 3 > 00:24:30: BR0:1 AUTH: Timeout 4 > 00:24:48: BR0:1 AUTH: Timeout 5 > 00:24:58: BR0:1 AUTH: Timeout 6 > 00:25:08: BR0:1 AUTH: Timeout 7 > 00:25:18: BR0:1 AUTH: Timeout 8 > 00:25:28: BR0:1 AUTH: Timeout 9 > 00:25:38: BR0:1 AUTH: Timeout 10 > 00:25:48: BR0:1 LCP: I TERMREQ [Open] id 15 len 4 > 00:25:48: BR0:1 LCP: O TERMACK [Open] id 15 len 4 > 00:25:48: BR0:1 PPP: Phase is TERMINATING > Jul 2 18:49:59: %ISDN-6-DISCONNECT: Interface BRI0:1 disconnected from > 0116547 > 600 , call lasted 119 seconds > Jul 2 18:49:59: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down > Jul 2 18:49:59: %DIALER-6-UNBIND: Interface BR0:1 unbound from profile Di0 > 00:25:48: BR0:1 LCP: State is Closed > 00:25:48: BR0:1 PPP: Phase is DOWN > Jul 2 18:50:00: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up > Jul 2 18:50:00: %DIALER-6-BIND: Interface BR0:1 bound to profile Di0 > 00:25:49: BR0:1 PPP: Treating connection as a callout > 00:25:49: BR0:1 PPP: Phase is ESTABLISHING, Active Open > 00:25:49: BR0:1 PPP: Authorization required > 00:25:49: BR0:1 PPP: No remote authentication for call-out > 00:25:49: BR0:1 LCP: O CONFREQ [Closed] id 9 len 30 > 00:25:49: BR0:1 LCP: MagicNumber 0x095AAF85 (0x0506095AAF85) > 00:25:49: BR0:1 LCP: MRRU 1524 (0x110405F4) > 00:25:49: BR0:1 LCP: EndpointDisc 1 ALBERANTE (0x131001414C424552414E5445 > 5F424D57) > 00:25:49: BR0:1 LCP: I CONFREQ [REQsent] id 2 len 14 > 00:25:49: BR0:1 LCP: AuthProto PAP (0x0304C023) > 00:25:49: BR0:1 LCP: MagicNumber 0x3375A3CD (0x05063375A3CD) > 00:25:49: BR0:1 LCP: O CONFACK [REQsent] id 2 len 14 > 00:25:49: BR0:1 LCP: AuthProto PAP (0x0304C023) > 00:25:49: BR0:1 LCP: MagicNumber 0x3375A3CD (0x05063375A3CD) > 00:25:49: BR0:1 LCP: I CONFREJ [ACKsent] id 9 len 8 > 00:25:49: BR0:1 LCP: MRRU 1524 (0x110405F4) > 00:25:49: BR0:1 LCP: O CONFREQ [ACKsent] id 10 len 26 > 00:25:49: BR0:1 LCP: MagicNumber 0x095AAF85 (0x0506095AAF85) > 00:25:49: BR0:1 LCP: EndpointDisc 1 ALBERANTE (0x131001414C424552414E5445 > 5F424D57) > 00:25:49: BR0:1 LCP: I CONFACK [ACKsent] id 10 len 26 > 00:25:49: BR0:1 LCP: MagicNumber 0x095AAF85 (0x0506095AAF85) > 00:25:49: BR0:1 LCP: EndpointDisc 1 ALBERANTE (0x131001414C424552414E5445 > 5F424D57) > 00:25:49: BR0:1 LCP: State is Open > 00:25:49: BR0:1 PPP: Phase is AUTHENTICATING, by the peer > Jul 2 18:50:06: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to > 0112345678 > 0 > 00:25:59: BR0:1 AUTH: Timeout 1 > 00:26:09: BR0:1 AUTH: Timeout 2 > 00:26:19: BR0:1 AUTH: Timeout 3 > 00:26:29: BR0:1 AUTH: Timeout 4 > 00:26:39: BR0:1 AUTH: Timeout 5 > Jul 2 18:50:57: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, > change > d state to up > 00:26:49: BR0:1 AUTH: Timeout 6 > 00:26:59: BR0:1 AUTH: Timeout 7 > Jul 2 18:51:13: %SYS-5-CONFIG_I: Configured from console by vty1 > (172.16.54.69) > 00:27:10: BR0:1 AUTH: Timeout 8 > Jul 2 18:51:29: %LINK-5-CHANGED: Interface Dialer0, changed state to > standby mo > de > 00:27:18: Di0 LCP: Not allowed on a Dialer Profile > 00:27:20: BR0:1 AUTH: Timeout 9 > 00:27:30: BR0:1 AUTH: Timeout 10 > 00:27:39: BR0:1 LCP: I TERMREQ [Open] id 3 len 4 > 00:27:39: BR0:1 LCP: O TERMACK [Open] id 3 len 4 > 00:27:39: BR0:1 PPP: Phase is TERMINATING > Jul 2 18:51:51: %ISDN-6-DISCONNECT: Interface BRI0:1 disconnected from > 0112345678 > , call lasted 110 seconds > Jul 2 18:51:51: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down > Jul 2 18:51:51: %DIALER-6-UNBIND: Interface BR0:1 unbound from profile Di0 > 00:27:40: BR0:1 LCP: State is Closed > 00:27:40: BR0:1 PPP: Phase is DOWN > > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > > isdn switch-type basic-net3 > ! > ! > ! > interface BRI0 > no ip address > encapsulation ppp > dialer pool-member 1 > isdn switch-type basic-net3 > no fair-queue > ppp authentication chap pap > ppp multilink > ! > interface FastEthernet0 > description ALBERANTE LOCAL ETHERNET SEGMENT > ip address 172.20.51.1 255.255.255.0 > speed 100 > full-duplex > no cdp enable > ! > interface Serial0 > description 128KB LINK ALBERANTE > bandwidth 128 > backup delay 10 30 > backup interface Dialer0 > ip address 172.20.140.34 255.255.255.252 > no fair-queue > ! > interface Dialer0 > description ISDN BACKUP > ip address 172.20.61.54 255.255.255.252 > ip broadcast-address 172.20.61.55 > encapsulation ppp > no ip mroute-cache > dialer pool 1 > dialer remote-name ZA108005D > dialer idle-timeout 180 > dialer string 0112345678 > dialer load-threshold 180 either > dialer-group 1 > ppp authentication chap callin > ppp chap hostname ALBERANTE > ppp chap password x > ppp multilink > ! > router eigrp 328 > network 172.20.0.0 > no auto-summary > no eigrp log-neighbor-changes > ! > ip classless > ip route 0.0.0.0 0.0.0.0 172.20.61.53 200 > > ntp clock-period 17179888 > ntp server 172.20.108.2 > end > > The HQ side has same Tacacs config and same dialer profile.If the is no > tacacs is on remote side then the isdn backup works fine.Once tacacs is on > then it fails to authenticate locally.I am using local username and > password. > > Any ideas ??? > > > Thanks > > _________________________________________________________________ > Online - Offline - Day time - Night time. Buy and Sell - Aucor Auctions! > http://www.aucor.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=71912&t=71818 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
