Had someone e-mail this config today. He just installed CiscoSecure for NT 2.4 and went from using a local user database to TACACS+ off his NT Domain Database. Since then his users randomly get shell sessions rather than PPP sessions. I went through his logs and it does, at first glance, appear random when a user gets a shell vs. PP session. However, when they get a shell session they seem to be unable to get anything else for a period of time lasting an hour or so. According to the log, it's also not line or interface specific as these users come in different lines each time they try. His Cisco Secure was setup by a Cisco SE who chose all the defaults for setting up the users except that 1) they're coming off a NT domain database and 2) a few of them have denied IP address ranges. (No correlation here either). I haven't been able to see the config on this myself as of yet. His router config follows. I was going to tell him to try taking out his "async mode interactive/autoselect during login/autosellect PPP" lines and instead have him try "async mode dedicated" under his async interfaces. OR, what if I just have him remove "autoselect during login"? I'm not sure if either will help him or not. He says he's had a case open with TAC for a while now. Does anyone know if this will work? Does anyone have any better suggestions or a possible solution? Thanks in advance, Gary Alterson ------------------ show version ------------------ Cisco Internetwork Operating System Software IOS (tm) 3600 Software (C3640-IS-M), Version 11.3(7)T, RELEASE SOFTWARE (fc1) Copyright (c) 1986-1998 by cisco Systems, Inc. Compiled Tue 01-Dec-98 23:58 by ccai Image text-base: 0x600088E0, data-base: 0x60850000 ROM: System Bootstrap, Version 11.1(19)AA, EARLY DEPLOYMENT RELEASE SOFTWARE (fc 1) dialx uptime is 12 weeks, 4 days, 26 minutes System restarted by reload at 08:05:11 UTC Fri Apr 28 2000 System image file is "flash:c3640-is-mz.113-7.T", booted via flash cisco 3640 (R4700) processor (revision 0x00) with 24576K/8192K bytes of memory. Processor board ID 11414494 R4700 processor, Implementation 33, Revision 1.0 MICA-6DM Firmware: CP ver 2310 - 6/3/1998, SP ver 2310 - 6/3/1998. Bridging software. X.25 software, Version 3.0.0. Primary Rate ISDN software, Version 1.1. 1 FastEthernet/IEEE 802.3 interface(s) 48 Serial network interface(s) 48 terminal line(s) 2 Channelized T1/PRI port(s) DRAM configuration is 64 bits wide with parity disabled. 125K bytes of non-volatile configuration memory. 16384K bytes of processor board System flash (Read/Write) 2048K bytes of processor board PCMCIA Slot0 flash (Read/Write) Configuration register is 0x2102 ------------------ show running-config ------------------ Building configuration... Current configuration: ! ! Last configuration change at 15:50:36 UTC Mon Jul 24 2000 by rf ! NVRAM config last updated at 15:50:38 UTC Mon Jul 24 2000 by rf ! version 11.3 service timestamps debug uptime service timestamps log datetime no service password-encryption ! hostname <removed> ! aaa new-model aaa authentication login default local tacacs+ aaa authentication ppp default local tacacs+ aaa authorization exec default if-authenticated aaa authorization network default tacacs+ local aaa accounting exec default start-stop tacacs+ aaa accounting network default start-stop tacacs+ enable secret level 3 5 <removed> enable secret level 7 5 <removed> enable secret 5 <removed> enable password <removed> ! username rf password 7 <removed> username test password 7 <removed> username cisco password 0 <removed> username alltech password 0 <removed> username rfprod password 0 <removed> ip host dial2 <removed>.147.4.2 ip host dial3 <removed>.147.4.9 ip name-server <removed>.147.4.55 ip address-pool local isdn switch-type primary-dms100 ! ! ! controller T1 0/0 framing esf linecode b8zs pri-group timeslots 1-24 description 800-889-6765 630-438-1420 service(888)886-1779 ! controller T1 0/1 framing esf linecode b8zs pri-group timeslots 1-24 description 800-889-6765 second t1 ! ! interface FastEthernet0/0 ip address <removed>.147.4.16 255.255.255.0 ip helper-address <removed>.147.4.69 ip helper-address <removed>.147.3.13 ip helper-address <removed>.147.4.82 ip helper-address <removed>.147.4.1 ip helper-address <removed>.147.4.25 ! interface Serial0/0:23 no ip address no ip directed-broadcast dialer rotary-group 1 dialer-group 1 isdn switch-type primary-dms100 isdn tei-negotiation first-call isdn incoming-voice modem no fair-queue no cdp enable ! interface Serial0/1:23 no ip address no ip directed-broadcast dialer rotary-group 1 dialer-group 1 isdn switch-type primary-dms100 isdn tei-negotiation first-call isdn incoming-voice modem no fair-queue no cdp enable ! interface Group-Async1 ip unnumbered FastEthernet0/0 ip helper-address <removed>.147.3.13 ip helper-address <removed>.147.4.69 ip helper-address <removed>.147.4.25 ip tcp header-compression passive encapsulation ppp no ip route-cache no ip mroute-cache dialer in-band dialer idle-timeout 900 dialer-group 1 async default routing async dynamic address async mode interactive no snmp trap link-status peer default ip address pool default no cdp enable ppp authentication pap group-range 33 56 ! interface Group-Async2 ip unnumbered FastEthernet0/0 ip helper-address <removed>.147.3.13 ip helper-address <removed>.147.4.69 ip helper-address <removed>.147.4.25 ip tcp header-compression passive encapsulation ppp no ip route-cache no ip mroute-cache dialer in-band dialer idle-timeout 900 dialer-group 1 async default routing async dynamic address async mode interactive no snmp trap link-status peer default ip address pool default no cdp enable ppp authentication pap group-range 65 88 ! interface Dialer1 no ip address no ip directed-broadcast dialer in-band dialer idle-timeout 900 dialer-group 1 no snmp trap link-status no fair-queue no cdp enable ! router eigrp 1 passive-interface FastEthernet0/0 network <removed>.147.0.0 network <removed>.168.250.0 no auto-summary ! ip local pool gbclient 192.168.250.20 192.168.250.200 ip local pool default <removed>.147.8.75 <removed>.147.8.150 ip default-gateway <removed>.147.4.1 ip classless ip route 0.0.0.0 0.0.0.0 <removed>.147.4.1 ! ! logging buffered 4096 debugging logging trap errors logging <removed>.147.4.14 logging <removed>.147.4.202 dialer-list 1 protocol ip permit tacacs-server host <removed>.147.4.55 tacacs-server key <removed> snmp-server community <removed> RO snmp-server community <removed> RW snmp-server trap-source FastEthernet0/0 snmp-server host <removed>.147.3.204 traps <removed> snmp-server host <removed>.147.4.14 traps <removed> snmp-server host <removed>.147.4.202 traps <removed> banner login <removed> privilege exec level 3 traceroute privilege exec level 3 ping privilege exec level 3 terminal monitor privilege exec level 3 terminal privilege exec level 3 show frame-relay pvc privilege exec level 3 show frame-relay map privilege exec level 3 show frame-relay privilege exec level 3 show cdp privilege exec level 3 show ip route privilege exec level 3 show ip privilege exec level 3 show arp privilege exec level 3 show debugging privilege exec level 3 show privilege exec level 3 no debug ppp negotiation privilege exec level 3 no debug ppp privilege exec level 3 no debug modem privilege exec level 3 no debug privilege exec level 3 no privilege exec level 3 debug ppp negotiation privilege exec level 3 debug ppp privilege exec level 3 debug modem privilege exec level 3 debug ! line con 0 exec-timeout 30 0 line 33 56 session-timeout 10 logout-warning 420 autoselect ppp session-disconnect-warning 320 modem InOut modem autoconfigure discovery notify transport input all stopbits 1 flowcontrol hardware line 65 83 session-timeout 10 logout-warning 420 autoselect ppp session-disconnect-warning 320 modem InOut modem autoconfigure discovery notify transport input all stopbits 1 flowcontrol hardware line 84 88 session-timeout 10 logout-warning 420 autoselect during-login autoselect ppp session-disconnect-warning 320 modem InOut notify transport input all stopbits 1 flowcontrol hardware line aux 0 transport input all line vty 0 4 exec-timeout 0 0 password <removed> ! ntp clock-period 17180187 end ___________________________________ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]