Hi everybody:
Thanks for the help received in previous questions.
I have a ROUTER 3640 and the users that access to the router need to be
AUNTHENTICATED and given an IP ADDRESS by a RADIUS SERVER (Safe Data).
It doesn't work; it authenticates but the authorization fails.
I don't know the radius server but I want to be sure the router
configuration is OK and then find out what's up with the radius server.
The radius configuration I use is:
aaa new-model
aaa authentication login default local group radius
aaa authentication ppp default local group radius
aaa authorization network default local group radius
radius-server host 192.168.1.3 auth-port 1645 acct-port 1646
radius-server key xxx
If you have any idea that may help please let me know because I'm running
out of inspiration.
Thanks in andvance.
I send you below the whole configuration just in case it were relevant and I
did't know.
Just a clarifing note about the configuration, there is a local pool (that I
don't use now) that I used when I first test the configuration without
radius (and it worked) that I don't think it should affect but I am not
sure. And another thing is that I first authenticate local, and as it
doesn't have the user it goes to radius authentication (I had thought that
when I get the radius work then I will take away the local word).
router#show conf
Using 2044 out of 129016 bytes
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname router
!
aaa new-model
aaa authentication login default local group radius
aaa authentication ppp default local group radius
aaa authorization network default local group radius
enable secret 5 $1$OyPF$986XdlgPOWVEghMYHTjMe/
enable password cisco
!
username prueba pas
!
!
!
!
modem country mica spain
ip subnet-zero
!
isdn switch-type basic-net3
!
!
process-max-time 200
!
interface BRI0/0
no ip address
no ip directed-broadcast
encapsulation ppp
dialer idle-timeout 600
dialer-group 1
isdn switch-type basic-net3
isdn incoming-voice modem
ppp authentication chap
!
interface BRI0/1
no ip address
no ip directed-broadcast
encapsulation ppp
dialer idle-timeout 600
dialer-group 1
isdn switch-type basic-net3
isdn incoming-voice modem
ppp authentication chap
!
interface BRI0/2
no ip address
no ip directed-broadcast
encapsulation ppp
dialer idle-timeout 600
dialer-group 1
isdn switch-type basic-net3
isdn incoming-voice modem
ppp authentication chap
!
interface BRI0/3
no ip address
no ip directed-broadcast
encapsulation ppp
dialer idle-timeout 600
dialer-group 1
isdn switch-type basic-net3
isdn incoming-voice modem
ppp authentication chap
!
interface Ethernet1/0
ip address 192.168.3.2 255.255.255.0
no ip directed-broadcast
!
interface Group-Async1
ip unnumbered Ethernet1/0
no ip directed-broadcast
encapsulation ppp
async mode interactive
peer default ip address pool setup_pool
ppp authentication chap
group-range 65 70
!
ip local pool setup_pool 192.168.3.10 192.168.3.19
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.3.1
no ip http server
!
dialer-list 1 protocol ip permit
radius-server host 192.168.1.3 auth-port 1645 acct-port 1646
radius-server key xxx
!
line con 0
transport input none
line 65 70
autoselect during-login
autoselect ppp
modem Dialin
transport input all
flowcontrol hardware
line aux 0
line vty 0 4
password xxx
!
end
______________________________________
NURIA CAÑAMARES CORRETGÉ
SIEMENS S.A.
Departamento Técnico de la Zona Norte
División de Redes de la Información y Telecomunicaciones
Grandes Empresas
Tlf: +34 948247400 Fax: +34 948247739
Miguel Astrain 18 - 1º -L 31006 Pamplona
Navarra
[EMAIL PROTECTED]
______________________________________
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
