This is a valid comment, but when a go into routerA, type 'no aaa
new-model', it works, which would eliminate the possibility of a password
problem.
> -----Original Message-----
> From: Gareth Hinton [SMTP:[EMAIL PROTECTED]]
> Sent: Wednesday 28 March 2001 22:43
> To: [EMAIL PROTECTED]
> Subject: Re: Tacacs and dialup authentication
>
> Looked through it for ages. I may be missing something but looks like the
> authentication is just failing, possibly due to not using the same
> password
> on RouterA and RouterB?
>
> On RouterA
> username RouterB password fred
>
> On RouterB
> username RouterA password fred
>
> Fingers like mine - too big to tyyppe?
>
> Anyone feel free to correct me if info is garbage.
>
> Cheers,
>
> Gareth
>
>
> "Radford Dion" <[EMAIL PROTECTED]> wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Hi Everyone.
> >
> > I am having trouble trying to work out why I cannot get a router to
> connect
> > via ISDN to another router when tacacs is configured. I want to use the
> > local Tacacs database and I have followed the instructions on the cisco
> web
> > site
> >
> http://www.cisco.com/univercd/cc/td/doc/cisintwk/intsolns/aaaisg/c262c2.ht
> m.
> > I would appreciate any feedback that anyone has.
> >
> > This is the scenario
> >
> > RouterA ---> dials into ----> RouterB
> >
> > When I remove the aaa configuration parameters from router A it works
> fine.
> >
> > Router A config:
> > username RouterB password xxxxxxxxx
> >
> > aaa new-model
> > aaa authentication enable default enable
> > aaa authentication ppp default local
> >
> > int bri 0/0
> > no ip address
> > no ip redirects
> > no ip directed-broadcast
> > encapsulation ppp
> > dialer pool-member 1
> > isdn switch-type basic-net3
> > no fair-queue
> > ppp authentication chap
> > !
> > interface Dialer1
> > ip address 192.168.0.186 255.255.255.252
> > no ip redirects
> > no ip directed-broadcast
> > encapsulation ppp
> > dialer remote-name RouterB
> > dialer pool 1
> > dialer idle-timeout 60
> > dialer string 5555555
> > dialer hold-queue 10
> > dialer-group 1
> > no fair-queue
> > ppp authentication chap
> >
> >
> > Router B config:
> > username RouterA password xxxxxxxxx
> >
> > aaa new-model
> > aaa authentication enable default enable
> > aaa authentication ppp default local
> >
> > int bri 3/1
> > ip address 192.168.0.186 255.255.255.252
> > encapsulation ppp
> > dialer idle-timeout 60
> > dialer map ip 192.168.0.186 name RouterA 5554324
> > dialer-group 2
> > ppp authentication chap
> >
> > This is the debug output - I tried using debug aaa authentication but
> there
> > was no output from either router.
> >
> > Debug ppp authentication on Router A:
> > *Mar 21 23:30:17: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to
> up
> > *Mar 21 23:30:17: %DIALER-6-BIND: Interface BR0/0:1 bound to profile Di1
> > *Mar 21 23:30:17: %ISDN-6-CONNECT: Interface BRI0/0:1 is now connected
> to
> > 5555555 .
> > *Mar 21 23:30:17: BR0/0:1 PPP: Treating connection as a callout
> > *Mar 21 23:30:17: BR0/0:1 CHAP: O CHALLENGE id 142 len 31 from "RouterA"
> > *Mar 21 23:30:17: BR0/0:1 CHAP: I CHALLENGE id 227 len 31 from "RouterB"
> > *Mar 21 23:30:17: BR0/0:1 CHAP: Unable to authenticate for peer
> > *Mar 21 23:30:17: BR0/0:1 PPP: Treating connection as a callout
> > *Mar 21 23:30:17: %DIALER-6-UNBIND: Interface BR0/0:1 unbound from
> profile
> > Di1
> > *Mar 21 23:30:18: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to
> down
> > *Mar 21 23:30:19: %LINK-3-UPDOWN: Interface BRI0/0:2, changed state to
> up
> > *Mar 21 23:30:19: %DIALER-6-BIND: Interface BR0/0:2 bound to profile
> Di1.
> > *Mar 21 23:30:19: BR0/0:2 PPP: Treating connection as a callout
> > *Mar 21 23:30:19: BR0/0:2 CHAP: O CHALLENGE id 66 len 31 from "RouterA"
> > *Mar 21 23:30:19: BR0/0:2 CHAP: I CHALLENGE id 228 len 31 from "RouterB"
> > *Mar 21 23:30:19: BR0/0:2 CHAP: Unable to authenticate for peer
> > *Mar 21 23:30:19: BR0/0:2 PPP: Treating connection as a callout
> > *Mar 21 23:30:19: %DIALER-6-UNBIND: Interface BR0/0:2 unbound from
> profile
> > Di1
> > *Mar 21 23:30:20: %LINK-3-UPDOWN: Interface BRI0/0:2, changed state to
> down
> > *Mar 21 23:30:21: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to
> up
> > *Mar 21 23:30:21: %DIALER-6-BIND: Interface BR0/0:1 bound to profile Di1
> > *Mar 21 23:30:21: BR0/0:1 PPP: Treating connection as a callout
> > *Mar 21 23:30:21: BR0/0:1 CHAP: O CHALLENGE id 143 len 31 from "RouterA"
> > *Mar 21 23:30:21: BR0/0:1 CHAP: I CHALLENGE id 229 len 31 from "RouterB"
> > .*Mar 21 23:30:21: BR0/0:1 CHAP: Unable to authenticate for peer
> >
> >
> > Debug ppp authentication on Router B:
> > *May 14 07:46:25: %LINK-3-UPDOWN: Interface BRI3/1:1, changed state to
> up
> > *May 14 07:46:25: BR3/1:1 PPP: Treating connection as a callin
> > *May 14 07:46:26: BR3/1:1 PPP: Phase is AUTHENTICATING, by both
> > *May 14 07:46:26: BR3/1:1 CHAP: O CHALLENGE id 217 len 31 from "RouterB"
> > *May 14 07:46:26: BR3/1:1 CHAP: I CHALLENGE id 136 len 31 from "RouterA"
> > *May 14 07:46:26: BR3/1:1 CHAP: Waiting for peer to authenticate first
> > *May 14 07:46:26: %LINK-3-UPDOWN: Interface BRI3/1:1, changed state to
> down
> > *May 14 07:46:27: %LINK-3-UPDOWN: Interface BRI3/1:1, changed state to
> up
> > *May 14 07:46:27: BR3/1:1 PPP: Treating connection as a callin
> > *May 14 07:46:28: BR3/1:1 PPP: Phase is AUTHENTICATING, by both
> > *May 14 07:46:28: BR3/1:1 CHAP: O CHALLENGE id 218 len 31 from "RouterB"
> > *May 14 07:46:28: BR3/1:1 CHAP: I CHALLENGE id 62 len 31 from "RouterA"
> > *May 14 07:46:28: BR3/1:1 CHAP: Waiting for peer to authenticate first
> > *May 14 07:46:28: %LINK-3-UPDOWN: Interface BRI3/1:1, changed state to
> down
> > *May 14 07:46:29: %LINK-3-UPDOWN: Interface BRI3/1:1, changed state to
> up
> > *May 14 07:46:29: BR3/1:1 PPP: Treating connection as a callin
> > *May 14 07:46:30: BR3/1:1 PPP: Phase is AUTHENTICATING, by both
> > *May 14 07:46:30: BR3/1:1 CHAP: O CHALLENGE id 219 len 31 from "RouterB"
> > *May 14 07:46:30: BR3/1:1 CHAP: I CHALLENGE id 137 len 31 from "RouterA"
> >
> >
> >
> > *****************************************************************
> > DISCLAIMER: The information contained in this e-mail may be
> confidential
> > and is intended solely for the use of the named addressee. Access,
> copying
> > or re-use of the e-mail or any information contained therein by any
> other
> > person is not authorized. If you are not the intended recipient please
> > notify us immediately by returning the e-mail to the originator.
> >
> > _________________________________
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
>
>
> _________________________________
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
*****************************************************************
DISCLAIMER: The information contained in this e-mail may be confidential
and is intended solely for the use of the named addressee. Access, copying
or re-use of the e-mail or any information contained therein by any other
person is not authorized. If you are not the intended recipient please
notify us immediately by returning the e-mail to the originator.
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
