Hi there
Looking for some help in regards to ISDN authentication. I’m using a 1700 series router with a BRI ISDN WIC.
IOS version is 12.3-14-T3.
I'm attempting to make an outgoing ISDN call to an ISP. My problem is relating to the authentication. Things work just fine, when using "no aaa new-model". However, once I use the "aaa new-model" the authentication fails. And unfortunately, I need the new-model stuff for VPNs.
For example, this configuration works perfectly...
====================================
no aaa new-model
!
interface BRI0
no ip address
encapsulation ppp
dialer pool-member 1
isdn switch-type basic-net3
ppp authentication chap
!
interface Dialer0
ip address negotiated
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer idle-timeout 2147483
dialer string xxxx
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname yyyy
ppp chap password 7 xxxx
!
====================================
However things fall apart if I replace "no aaa new-model" with the following...
====================================
aaa new-model
aaa authentication ppp default local
!
username yyyy password 7 xxxx
====================================
I figure the new aaa model breaks the "ppp chap hostname" and "ppp chap password" commands in the dialer interface, instead relying on the aaa authentication. As I understand things I’ve set the authentication to be local (ie don’t use RADIUS etc) with "aaa authentication ppp default local".
So I think I'm looking for a command in the Dialer0 interface to link the outgoing call to the appropriate username yyyy command.
I can't use "dialer remote-name" because I'm calling into an ISP, not another router with the hostname "yyyy".
Hope this makes sense. Sorry for the long-winded post.
Any help is greatly appreciated.
Looking for some help in regards to ISDN authentication. I’m using a 1700 series router with a BRI ISDN WIC.
IOS version is 12.3-14-T3.
I'm attempting to make an outgoing ISDN call to an ISP. My problem is relating to the authentication. Things work just fine, when using "no aaa new-model". However, once I use the "aaa new-model" the authentication fails. And unfortunately, I need the new-model stuff for VPNs.
For example, this configuration works perfectly...
====================================
no aaa new-model
!
interface BRI0
no ip address
encapsulation ppp
dialer pool-member 1
isdn switch-type basic-net3
ppp authentication chap
!
interface Dialer0
ip address negotiated
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer idle-timeout 2147483
dialer string xxxx
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname yyyy
ppp chap password 7 xxxx
!
====================================
However things fall apart if I replace "no aaa new-model" with the following...
====================================
aaa new-model
aaa authentication ppp default local
!
username yyyy password 7 xxxx
====================================
I figure the new aaa model breaks the "ppp chap hostname" and "ppp chap password" commands in the dialer interface, instead relying on the aaa authentication. As I understand things I’ve set the authentication to be local (ie don’t use RADIUS etc) with "aaa authentication ppp default local".
So I think I'm looking for a command in the Dialer0 interface to link the outgoing call to the appropriate username yyyy command.
I can't use "dialer remote-name" because I'm calling into an ISP, not another router with the hostname "yyyy".
Hope this makes sense. Sorry for the long-winded post.
Any help is greatly appreciated.
