URL: https://www.opennet.me/cgi-bin/openforum/vsluhboard.cgi
Forum: vsluhforumID6
Thread number: 4280

Original message
"Help with DialUp"

Posted by sas, 24-Nov-03 12:50
Help with DialUp Cisco1751-Cisco2651+Radius

aaa authentication login default local group radius
aaa authentication login radius_login group radius local
aaa authentication ppp default local group radius
aaa authentication ppp radius_authen local group radius
aaa authorization exec default local group radius
aaa authorization exec radius_author group radius local
aaa authorization network default none
aaa authorization network network_author group radius local
aaa authorization network radius_author local group radius
aaa accounting session-duration ntp-adjusted
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius
aaa accounting network radius_acc start-stop group radius
aaa session-id common
ip subnet-zero
!
!
ip telnet source-interface FastEthernet0/0
no ip domain lookup
!
ip audit notify log
ip audit po max-events 100
!
chat-script DIALOUT ABORT ERROR ABORT BUSY "" "AT" OK "ATX4DT \T" TIMEOUT 45 CONNECT \c
chat-script ISDN-DIALOUT ABORT BUSY "" "ATZ" OK "ATDI \T" TIMEOUT 30 CONNECT \c
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key xxx address xxx
!
!
crypto ipsec transform-set secret1 esp-3des esp-sha-hmac
!
crypto map chaos22_2 2 ipsec-isakmp
description To 2651-2 Dinamicmap
set peer xxx
set transform-set secret1
match address 122
!
!
!
!
interface FastEthernet0/0
description Interface To Local
ip address xxx
ip directed-broadcast
speed auto
no cdp enable
!
interface Serial0/0
physical-layer async
description ISDN DIALOUT
....
!
interface Serial0/1
physical-layer async
description Test BackUp with no DialIn
ip address negotiated
encapsulation ppp
dialer in-band
dialer idle-timeout 1800
dialer fast-idle 1800
dialer string xxxx modem-script DIALOUT
dialer-group 1
no keepalive
ppp authentication chap
ppp chap hostname Cisco1751
ppp chap password 7 abc
ppp pap sent-username Cisco1751 password 7 abc
!
interface Async5
bandwidth 33
ip address negotiated
encapsulation ppp
no logging event link-status
dialer in-band
dialer idle-timeout 600
dialer fast-idle 600
dialer string xxxx modem-script DIALOUT
dialer-group 1
async mode dedicated
no snmp trap link-status
no keepalive
no fair-queue
ppp authentication pap chap
ppp chap hostname Cisco1751
ppp chap password 7 abc
ppp pap sent-username Cisco1751 password 7 abc
!
ip classless
ip route 0.0.0.0 0.0.0.0 Async5
ip route 192.168.5.0 255.255.255.0 FastEthernet0/0
no ip http server
no ip http secure-server
!
!
ip radius source-interface FastEthernet0/0
!
logging history debugging
logging trap debugging
logging source-interface FastEthernet0/0
logging 192.168.1.15
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 10 permit 192.168.2.0 0.0.0.255
access-list 10 permit 192.168.3.0 0.0.0.255
access-list 10 permit 192.168.123.0 0.0.0.255
access-list 10 permit 192.168.5.0 0.0.0.255
access-list 10 permit 192.168.122.0 0.0.0.255
access-list 11 permit 192.168.1.15
access-list 122 permit ip 192.168.122.0 0.0.0.255 any
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
no cdp run
!
snmp-server community ... RO 11
snmp-server community ... RW 11
snmp-server trap-source FastEthernet0/0
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps isdn chan-not-avail
snmp-server enable traps isdn ietf
snmp-server enable traps hsrp
snmp-server enable traps config
snmp-server enable traps entity
snmp-server enable traps frame-relay
snmp-server enable traps frame-relay subif
snmp-server enable traps syslog
snmp-server enable traps cnpd
snmp-server enable traps rtr
snmp-server enable traps atm subif
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps ipmulticast
snmp-server enable traps msdp
snmp-server enable traps rsvp
snmp-server enable traps pppoe
snmp-server enable traps bgp
snmp-server enable traps isakmp policy add
snmp-server enable traps isakmp policy delete
snmp-server enable traps isakmp tunnel start
snmp-server enable traps isakmp tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
radius-server timeout 2
radius-server key 7 xxx
radius-server authorization permit missing Service-Type
radius-server vsa send accounting
radius-server vsa send authentication
!
line con 0
line 1
session-timeout 30
flush-at-activation
script dialer ISDN-DIALOUT
logging synchronous
modem InOut
modem autoconfigure discovery
terminal-type download
transport preferred none
transport input all
transport output pad telnet
escape-character NONE
autoselect ppp
telnet transparent
autohangup
stopbits 1
speed 2400
flowcontrol hardware
line 2
session-timeout 45
flush-at-activation
authorization exec radius_author
login authentication radius_login
modem InOut
modem autoconfigure type usr_courier
terminal-type download
transport preferred none
transport input all
transport output pad telnet
escape-character NONE
autoselect during-login
autoselect ppp
telnet transparent
autohangup
stopbits 1
flowcontrol hardware
line aux 0
session-timeout 45
script dialer DIALOUT
authorization exec radius_author
logging synchronous
login authentication radius_login
modem InOut
modem autoconfigure type usr_courier
transport input telnet
escape-character NONE
autoselect during-login
autoselect ppp
autohangup
stopbits 1
speed 115200
flowcontrol hardware
line vty 0 4
access-class 10 in
logging synchronous
terminal-type download
transport input pad udptn telnet rlogin ssh
telnet transparent
!
sntp server 192.168.122.1
ntp clock-period 17179799
ntp server 192.168.8.252
ntp server 192.168.8.253
time-range daytime
periodic Monday 3:00 to 4:00
periodic weekdays 7:30 to 19:00
periodic Saturday 8:00 to 14:00
!
end
What is wrong here???
The debugs say that authentication is not passing...
Nov 24 12:48:24.877: RADIUS/DECODE: parse response no app start; FAIL
.Nov 24 12:48:24.877: RADIUS/DECODE: parse response; FAIL
.Nov 24 12:48:24.877: As5 PPP: Received LOGIN Response FAIL
.Nov 24 12:48:24.881: As5 CHAP: O FAILURE id 164 len 25 msg is "Authentication failed"
.Nov 24 12:48:24.881: As5 PPP: Sending Acct Event[Down] id[10F1]
.Nov 24 12:48:24.881: As5 PPP: Phase is TERMINATING
.Nov 24 12:48:24.881: As5 LCP: O TERMREQ [Open] id 85 len 4
.Nov 24 12:48:24.985: As5 EVT: Packet 0 0x81C84DF4
.Nov 24 12:48:24.985: As5 LCP: I TERMACK [TERMsent] id 85 len 4
.Nov 24 12:48:24.985: As5 LCP: State is Closed
.Nov 24 12:48:24.985: As5 PPP: Phase is DOWN
.Nov 24 12:48:24.985: TTY5: Async Int reset: Dropping DTR
.Nov 24 12:48:24.985: TTY5: Set DTR to 0


Contents

Messages in this discussion
"Help with DialUp"
Posted by sas, 24-Nov-03 14:10
Please do help.. Time is running out.
The thing is that several similar configurations work, but I just cannot figure out what is wrong here..:((


"Help with DialUp"
Posted by ВОЛКА, 24-Nov-03 22:06
deb aaa authe
deb ppp authe

"Help with DialUp"
Posted by sas, 25-Nov-03 18:35
>deb aaa authe
>deb ppp authe

Here is a piece:
.Nov 24 21:01:56.245: As5 LCP: State is Open
.Nov 24 21:01:56.249: As5 PPP: Phase is AUTHENTICATING, by both
.Nov 24 21:01:56.249: As5 CHAP: O CHALLENGE id 175 len 26 from "utest"
.Nov 24 21:01:56.357: As5 EVT: Auth Packet 0 0x8199F2D4
.Nov 24 21:01:56.357: As5 CHAP: I CHALLENGE id 169 len 30 from "Cisco3660"
.Nov 24 21:01:56.357: As5 CHAP: Using hostname from interface CHAP
.Nov 24 21:01:56.357: As5 CHAP: Using password from AAA
.Nov 24 21:01:56.361: As5 CHAP: O RESPONSE id 169 len 26 from "utest"
.Nov 24 21:01:56.501: As5 EVT: Auth Packet 0 0x81BF0998
.Nov 24 21:01:56.501: As5 CHAP: I FAILURE id 169 len 26 msg is "Authentication failure"

In principle I found a way out, but I still lack clarity. Please explain in which cases a user has to be defined on the Cisco and with what password; for me it started working when I defined a user with the same password as the RADIUS client's, and changed the dial-up password to an identical one.
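
Added example, not part of any post in this thread: the two debug excerpts above fail in opposite directions, which the O/I flag on the CHAP line shows (O is sent by this router, I is received from the peer). The Python below classifies the CHAP lines copied from the thread and recomputes an RFC 1994 CHAP response to show that the challenger only accepts when it stores the same secret for the name being authenticated. The secrets and challenge bytes are constructed.

```python
import hashlib
import hmac
import re

# CHAP lines copied from the two debug excerpts in the thread (timestamps dropped).
FIRST_TRACE = [
    'As5 PPP: Received LOGIN Response FAIL',
    'As5 CHAP: O FAILURE id 164 len 25 msg is "Authentication failed"',
]
SECOND_TRACE = [
    'As5 CHAP: O CHALLENGE id 175 len 26 from "utest"',
    'As5 CHAP: I CHALLENGE id 169 len 30 from "Cisco3660"',
    'As5 CHAP: O RESPONSE id 169 len 26 from "utest"',
    'As5 CHAP: I FAILURE id 169 len 26 msg is "Authentication failure"',
]

CHAP_RE = re.compile(r'(\S+) CHAP: ([IO]) (CHALLENGE|RESPONSE|SUCCESS|FAILURE) id (\d+)')

def chap_verdicts(lines):
    """List (interface, packet id, who decided) for each CHAP SUCCESS/FAILURE.

    O = sent by this router: it (or its AAA backend) judged the peer.
    I = received from the peer: the peer judged this router's response.
    """
    verdicts = []
    for line in lines:
        m = CHAP_RE.search(line)
        if m and m.group(3) in ("SUCCESS", "FAILURE"):
            side = "local" if m.group(2) == "O" else "peer"
            verdicts.append((m.group(1), int(m.group(4)), f"{side} sent {m.group(3)}"))
    return verdicts

def chap_response(pkt_id, secret, challenge):
    """RFC 1994 response value: MD5(identifier octet || secret || challenge)."""
    return hashlib.md5(bytes([pkt_id]) + secret + challenge).digest()

def authenticator_accepts(pkt_id, challenge, response, stored_secret):
    """The challenger recomputes the hash with the secret it stores for that name."""
    expected = chap_response(pkt_id, stored_secret, challenge)
    return hmac.compare_digest(expected, response)

if __name__ == "__main__":
    print(chap_verdicts(FIRST_TRACE))
    print(chap_verdicts(SECOND_TRACE))
    challenge = bytes(range(16))                            # constructed challenge
    resp = chap_response(169, b"dialup-secret", challenge)  # constructed secret
    print(authenticator_accepts(169, challenge, resp, b"dialup-secret"))
    print(authenticator_accepts(169, challenge, resp, b"other-secret"))
```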