GroupStudy.com GroupStudy.com - A virtual community of network engineers
Home BookStore StudyNotes Links Archives StudyRooms HelpWanted Discounts Login
Re: ISDN Call back with Dialstring problem posted 12/07/2002
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]
Yes, I have enable aaa authorization on call back server as aaa authorization network default group tacacs+

and enable ACS authorize on ppp & callback string that I debug TACACS+ on call back server, I can see the dial string has been send to call back server from TACACS. but the problem is call back server do not call back .

another, command 'dialer aaa' need to be used under dialer interface.

I guess is the router config problem, do we have a configure example with it.


thanks



From: "Joe Wong" <vr2zjw@xxxxxxxxxxx>
To: "li jun" <liuyang1976@xxxxxxxxxxx>,<security@xxxxxxxxxxxxxx>
Subject: Re: ISDN Call back with Dialstring problem
Date: Sat, 7 Dec 2002 14:16:37 +0800

Perhap you may want to enable aaa authorization on the callback server and
config the ACS authorize on ppp & callback string to see whether it work
or
not.

I have problem with callback & multilink, could you make it work?
----- Original Message -----
From: "li jun" <liuyang1976@xxxxxxxxxxx>
To: <security@xxxxxxxxxxxxxx>
Sent: Saturday, December 07, 2002 12:35 PM
Subject: ISDN Call back with Dialstring problem


> Cisco guys and security expert,
> here I meet a problem. I have condfig 2 router use ISDN call back
> successfully. and authention the call back server to TACACS server. do
step
> by step with Cisco DOC, everything works.
> then next step I try let call back server get the callback-dialstring
from
> TACACS server, I can see the callback-dialer string has been send to
call
> back server from TACACS server, but call back server does not call
back
to
> the client.
>
> could you pls help me to check what's the problem or give me the Cisco
web 
> site to find the correct answer? thanks
>
> here is my config fot your reference.
>
> this is call back client configure:
>
> interface BRI0/0
>  ip address 200.50.35.5 255.255.255.252
>  encapsulation ppp
>  ip ospf authentication message-digest
>  ip ospf message-digest-key 2 md5 7 cisco
>  ip ospf demand-circuit
>  no ip mroute-cache
>  dialer idle-timeout 40
>  dialer map ip 200.50.35.6 name r1 broadcast 384960
>  dialer load-threshold 100 either
>  dialer-group 1
>  isdn switch-type basic-net3
>  no peer neighbor-route
>  no cdp enable
>  ppp callback request
>  ppp authentication chap callin
>  ppp chap hostname r1
>  ppp multilink
>
> dialer-list 1 protocol ip permit
>
> here is the config of call back server
>
> aaa new-model
> aaa authentication login loginau group tacacs+ local
> aaa authentication ppp default group tacacs+
>
> interface BRI0/0
>  ip address 200.50.35.6 255.255.255.252
>  encapsulation ppp
>  no ip route-cache
>  ip ospf authentication message-digest
>  ip ospf message-digest-key 2 md5 7 cisco
>  no ip mroute-cache
>  dialer callback-secure
>  dialer aaa     ===> want to get the dialer string from TACACS server
>  dialer map ip 200.50.35.5 name r4 class callback broadcast
>  dialer load-threshold 1 either
>  dialer-group 1
>  isdn switch-type basic-net3
>  no cdp enable
>  ppp callback accept
>  ppp authentication chap
>  ppp multilink
>
> map-class dialer callback
>  dialer callback-server username
> dialer-list 1 protocol ip permit
>
>
> _________________________________________________________________
> SkA*;z5DEsSQ=xPP=;Aw#,GkJ9SC MSN Messenger: http://messenger.msn.com/cn
>


_________________________________________________________________
OmSCJ@=gIOWn4s5D5gWSSJ<~O5M3!* MSN Hotmail!# http://www.hotmail.com