Looked through it for ages. I may be missing something but looks like the
authentication is just failing, possibly due to not using the same password
on RouterA and RouterB?
On RouterA
username RouterB password fred
On RouterB
username RouterA password fred
Fingers like mine - too big to tyyppe?
Anyone feel free to correct me if info is garbage.
Cheers,
Gareth
"Radford Dion" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi Everyone.
>
> I am having trouble trying to work out why I cannot get a router to
connect
> via ISDN to another router when tacacs is configured. I want to use the
> local Tacacs database and I have followed the instructions on the cisco
web
> site
>
http://www.cisco.com/univercd/cc/td/doc/cisintwk/intsolns/aaaisg/c262c2.htm.
> I would appreciate any feedback that anyone has.
>
> This is the scenario
>
> RouterA ---> dials into ----> RouterB
>
> When I remove the aaa configuration parameters from router A it works
fine.
>
> Router A config:
> username RouterB password xxxxxxxxx
>
> aaa new-model
> aaa authentication enable default enable
> aaa authentication ppp default local
>
> int bri 0/0
> no ip address
> no ip redirects
> no ip directed-broadcast
> encapsulation ppp
> dialer pool-member 1
> isdn switch-type basic-net3
> no fair-queue
> ppp authentication chap
> !
> interface Dialer1
> ip address 192.168.0.186 255.255.255.252
> no ip redirects
> no ip directed-broadcast
> encapsulation ppp
> dialer remote-name RouterB
> dialer pool 1
> dialer idle-timeout 60
> dialer string 5555555
> dialer hold-queue 10
> dialer-group 1
> no fair-queue
> ppp authentication chap
>
>
> Router B config:
> username RouterA password xxxxxxxxx
>
> aaa new-model
> aaa authentication enable default enable
> aaa authentication ppp default local
>
> int bri 3/1
> ip address 192.168.0.186 255.255.255.252
> encapsulation ppp
> dialer idle-timeout 60
> dialer map ip 192.168.0.186 name RouterA 5554324
> dialer-group 2
> ppp authentication chap
>
> This is the debug output - I tried using debug aaa authentication but
there
> was no output from either router.
>
> Debug ppp authentication on Router A:
> *Mar 21 23:30:17: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to up
> *Mar 21 23:30:17: %DIALER-6-BIND: Interface BR0/0:1 bound to profile Di1
> *Mar 21 23:30:17: %ISDN-6-CONNECT: Interface BRI0/0:1 is now connected to
> 5555555 .
> *Mar 21 23:30:17: BR0/0:1 PPP: Treating connection as a callout
> *Mar 21 23:30:17: BR0/0:1 CHAP: O CHALLENGE id 142 len 31 from "RouterA"
> *Mar 21 23:30:17: BR0/0:1 CHAP: I CHALLENGE id 227 len 31 from "RouterB"
> *Mar 21 23:30:17: BR0/0:1 CHAP: Unable to authenticate for peer
> *Mar 21 23:30:17: BR0/0:1 PPP: Treating connection as a callout
> *Mar 21 23:30:17: %DIALER-6-UNBIND: Interface BR0/0:1 unbound from profile
> Di1
> *Mar 21 23:30:18: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to
down
> *Mar 21 23:30:19: %LINK-3-UPDOWN: Interface BRI0/0:2, changed state to up
> *Mar 21 23:30:19: %DIALER-6-BIND: Interface BR0/0:2 bound to profile Di1.
> *Mar 21 23:30:19: BR0/0:2 PPP: Treating connection as a callout
> *Mar 21 23:30:19: BR0/0:2 CHAP: O CHALLENGE id 66 len 31 from "RouterA"
> *Mar 21 23:30:19: BR0/0:2 CHAP: I CHALLENGE id 228 len 31 from "RouterB"
> *Mar 21 23:30:19: BR0/0:2 CHAP: Unable to authenticate for peer
> *Mar 21 23:30:19: BR0/0:2 PPP: Treating connection as a callout
> *Mar 21 23:30:19: %DIALER-6-UNBIND: Interface BR0/0:2 unbound from profile
> Di1
> *Mar 21 23:30:20: %LINK-3-UPDOWN: Interface BRI0/0:2, changed state to
down
> *Mar 21 23:30:21: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to up
> *Mar 21 23:30:21: %DIALER-6-BIND: Interface BR0/0:1 bound to profile Di1
> *Mar 21 23:30:21: BR0/0:1 PPP: Treating connection as a callout
> *Mar 21 23:30:21: BR0/0:1 CHAP: O CHALLENGE id 143 len 31 from "RouterA"
> *Mar 21 23:30:21: BR0/0:1 CHAP: I CHALLENGE id 229 len 31 from "RouterB"
> .*Mar 21 23:30:21: BR0/0:1 CHAP: Unable to authenticate for peer
>
>
> Debug ppp authentication on Router B:
> *May 14 07:46:25: %LINK-3-UPDOWN: Interface BRI3/1:1, changed state to up
> *May 14 07:46:25: BR3/1:1 PPP: Treating connection as a callin
> *May 14 07:46:26: BR3/1:1 PPP: Phase is AUTHENTICATING, by both
> *May 14 07:46:26: BR3/1:1 CHAP: O CHALLENGE id 217 len 31 from "RouterB"
> *May 14 07:46:26: BR3/1:1 CHAP: I CHALLENGE id 136 len 31 from "RouterA"
> *May 14 07:46:26: BR3/1:1 CHAP: Waiting for peer to authenticate first
> *May 14 07:46:26: %LINK-3-UPDOWN: Interface BRI3/1:1, changed state to
down
> *May 14 07:46:27: %LINK-3-UPDOWN: Interface BRI3/1:1, changed state to up
> *May 14 07:46:27: BR3/1:1 PPP: Treating connection as a callin
> *May 14 07:46:28: BR3/1:1 PPP: Phase is AUTHENTICATING, by both
> *May 14 07:46:28: BR3/1:1 CHAP: O CHALLENGE id 218 len 31 from "RouterB"
> *May 14 07:46:28: BR3/1:1 CHAP: I CHALLENGE id 62 len 31 from "RouterA"
> *May 14 07:46:28: BR3/1:1 CHAP: Waiting for peer to authenticate first
> *May 14 07:46:28: %LINK-3-UPDOWN: Interface BRI3/1:1, changed state to
down
> *May 14 07:46:29: %LINK-3-UPDOWN: Interface BRI3/1:1, changed state to up
> *May 14 07:46:29: BR3/1:1 PPP: Treating connection as a callin
> *May 14 07:46:30: BR3/1:1 PPP: Phase is AUTHENTICATING, by both
> *May 14 07:46:30: BR3/1:1 CHAP: O CHALLENGE id 219 len 31 from "RouterB"
> *May 14 07:46:30: BR3/1:1 CHAP: I CHALLENGE id 137 len 31 from "RouterA"
>
>
>
> *****************************************************************
> DISCLAIMER: The information contained in this e-mail may be confidential
> and is intended solely for the use of the named addressee. Access,
copying
> or re-use of the e-mail or any information contained therein by any other
> person is not authorized. If you are not the intended recipient please
> notify us immediately by returning the e-mail to the originator.
>
> _________________________________
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
