Hi Everyone.
I am having trouble trying to work out why I cannot get a router to connect
via ISDN to another router when tacacs is configured. I want to use the
local Tacacs database and I have followed the instructions on the cisco web
site
http://www.cisco.com/univercd/cc/td/doc/cisintwk/intsolns/aaaisg/c262c2.htm.
I would appreciate any feedback that anyone has.
This is the scenario
RouterA ---> dials into ----> RouterB
When I remove the aaa configuration parameters from router A it works fine.
Router A config:
username RouterB password xxxxxxxxx
aaa new-model
aaa authentication enable default enable
aaa authentication ppp default local
int bri 0/0
no ip address
no ip redirects
no ip directed-broadcast
encapsulation ppp
dialer pool-member 1
isdn switch-type basic-net3
no fair-queue
ppp authentication chap
!
interface Dialer1
ip address 192.168.0.186 255.255.255.252
no ip redirects
no ip directed-broadcast
encapsulation ppp
dialer remote-name RouterB
dialer pool 1
dialer idle-timeout 60
dialer string 5555555
dialer hold-queue 10
dialer-group 1
no fair-queue
ppp authentication chap
Router B config:
username RouterA password xxxxxxxxx
aaa new-model
aaa authentication enable default enable
aaa authentication ppp default local
int bri 3/1
ip address 192.168.0.186 255.255.255.252
encapsulation ppp
dialer idle-timeout 60
dialer map ip 192.168.0.186 name RouterA 5554324
dialer-group 2
ppp authentication chap
This is the debug output - I tried using debug aaa authentication but there
was no output from either router.
Debug ppp authentication on Router A:
*Mar 21 23:30:17: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to up
*Mar 21 23:30:17: %DIALER-6-BIND: Interface BR0/0:1 bound to profile Di1
*Mar 21 23:30:17: %ISDN-6-CONNECT: Interface BRI0/0:1 is now connected to
5555555 .
*Mar 21 23:30:17: BR0/0:1 PPP: Treating connection as a callout
*Mar 21 23:30:17: BR0/0:1 CHAP: O CHALLENGE id 142 len 31 from "RouterA"
*Mar 21 23:30:17: BR0/0:1 CHAP: I CHALLENGE id 227 len 31 from "RouterB"
*Mar 21 23:30:17: BR0/0:1 CHAP: Unable to authenticate for peer
*Mar 21 23:30:17: BR0/0:1 PPP: Treating connection as a callout
*Mar 21 23:30:17: %DIALER-6-UNBIND: Interface BR0/0:1 unbound from profile
Di1
*Mar 21 23:30:18: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to down
*Mar 21 23:30:19: %LINK-3-UPDOWN: Interface BRI0/0:2, changed state to up
*Mar 21 23:30:19: %DIALER-6-BIND: Interface BR0/0:2 bound to profile Di1.
*Mar 21 23:30:19: BR0/0:2 PPP: Treating connection as a callout
*Mar 21 23:30:19: BR0/0:2 CHAP: O CHALLENGE id 66 len 31 from "RouterA"
*Mar 21 23:30:19: BR0/0:2 CHAP: I CHALLENGE id 228 len 31 from "RouterB"
*Mar 21 23:30:19: BR0/0:2 CHAP: Unable to authenticate for peer
*Mar 21 23:30:19: BR0/0:2 PPP: Treating connection as a callout
*Mar 21 23:30:19: %DIALER-6-UNBIND: Interface BR0/0:2 unbound from profile
Di1
*Mar 21 23:30:20: %LINK-3-UPDOWN: Interface BRI0/0:2, changed state to down
*Mar 21 23:30:21: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to up
*Mar 21 23:30:21: %DIALER-6-BIND: Interface BR0/0:1 bound to profile Di1
*Mar 21 23:30:21: BR0/0:1 PPP: Treating connection as a callout
*Mar 21 23:30:21: BR0/0:1 CHAP: O CHALLENGE id 143 len 31 from "RouterA"
*Mar 21 23:30:21: BR0/0:1 CHAP: I CHALLENGE id 229 len 31 from "RouterB"
.*Mar 21 23:30:21: BR0/0:1 CHAP: Unable to authenticate for peer
Debug ppp authentication on Router B:
*May 14 07:46:25: %LINK-3-UPDOWN: Interface BRI3/1:1, changed state to up
*May 14 07:46:25: BR3/1:1 PPP: Treating connection as a callin
*May 14 07:46:26: BR3/1:1 PPP: Phase is AUTHENTICATING, by both
*May 14 07:46:26: BR3/1:1 CHAP: O CHALLENGE id 217 len 31 from "RouterB"
*May 14 07:46:26: BR3/1:1 CHAP: I CHALLENGE id 136 len 31 from "RouterA"
*May 14 07:46:26: BR3/1:1 CHAP: Waiting for peer to authenticate first
*May 14 07:46:26: %LINK-3-UPDOWN: Interface BRI3/1:1, changed state to down
*May 14 07:46:27: %LINK-3-UPDOWN: Interface BRI3/1:1, changed state to up
*May 14 07:46:27: BR3/1:1 PPP: Treating connection as a callin
*May 14 07:46:28: BR3/1:1 PPP: Phase is AUTHENTICATING, by both
*May 14 07:46:28: BR3/1:1 CHAP: O CHALLENGE id 218 len 31 from "RouterB"
*May 14 07:46:28: BR3/1:1 CHAP: I CHALLENGE id 62 len 31 from "RouterA"
*May 14 07:46:28: BR3/1:1 CHAP: Waiting for peer to authenticate first
*May 14 07:46:28: %LINK-3-UPDOWN: Interface BRI3/1:1, changed state to down
*May 14 07:46:29: %LINK-3-UPDOWN: Interface BRI3/1:1, changed state to up
*May 14 07:46:29: BR3/1:1 PPP: Treating connection as a callin
*May 14 07:46:30: BR3/1:1 PPP: Phase is AUTHENTICATING, by both
*May 14 07:46:30: BR3/1:1 CHAP: O CHALLENGE id 219 len 31 from "RouterB"
*May 14 07:46:30: BR3/1:1 CHAP: I CHALLENGE id 137 len 31 from "RouterA"
*****************************************************************
DISCLAIMER: The information contained in this e-mail may be confidential
and is intended solely for the use of the named addressee. Access, copying
or re-use of the e-mail or any information contained therein by any other
person is not authorized. If you are not the intended recipient please
notify us immediately by returning the e-mail to the originator.
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
