On Tue, 18 Nov 2003, John A. Hengstler wrote:
> Greetings. > I have an Cisco as5300 that I am using for Dial customers. > The customer connects, the authentication comes through, but then at the > "authorization" level the connection gets dropped by the nas.. > Are there any suggested attributes to put into radgroupreply for ISDN dial > in customers to the Cisco 5300 or do I have an incorrect setting on the > Nas.. > Here is a snapshot of what I have for the cisco config: > aaa new-model > aaa authentication login default local > aaa authentication ppp default group radius > aaa authorization network default group radius if-authenticated > aaa accounting delay-start > interface Serial0:23 > ip unnumbered Ethernet0 > encapsulation ppp > dialer-group 1 > isdn switch-type primary-ni > isdn tei-negotiation first-call > isdn incoming-voice modem > peer default ip address pool DIAL6_POOL > ppp authentication pap chap > interface Group-Async1 > ip unnumbered Ethernet0 > encapsulation ppp > ip tcp header-compression passive > no ip mroute-cache > async mode interactive > peer default ip address pool DIAL6_POOL > ppp authentication chap pap > group-range 1 96 > RADIUS: radgroupreply contains: > | 1 | dialerrouter | Session-Timeout | 28800 | == | > NULL > | 5 | dialerrouter | Idle-Timeout | 1200 | == | > NULL | > | 8 | dialerrouter | Service-Type | Framed-User | == | > NULL | > | 9 | dialerrouter | Framed-Protocol | PPP | == | > NULL | > | 10 | dialerrouter | Auth-Type | Local | == | > NULL | > RADIUS: radcheck contains diallerouter for the user > All modem dial up customers work just fine, but ISDN dial in fails as > indicated above. > Can anyone shed some pointers on this. I still haven't figured it out.. > > Regards, > John Hengstler > > I don't actually work with the NAS, but we also send back Framed-Routing = None in our radius replies. Might want to give it a shot. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html