Mailing List Archive: AS5350 ISDN Problems

AS5350 ISDN Problems

Feb 25, 2004, 9:34 AM

Post #1 of 5 (1695 views)

I have a Cisco access server AS5350 with E1 modules; and I am experiencing a
strange problem.
Some dialup calls on the ISDN line connect but the users can't transmit data
(can't even ping the assigned IP).
Other users disconnect immediately after authentication.The strange thing is
that other users work just fine!
I have included my config below. Any ideas?

Regards,

GLO
--------------

version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname -------.kenyaweb.com
!
no boot startup-test
logging rate-limit console 10 except errors
no logging console
aaa new-model
aaa authentication username-prompt login:
aaa authentication login default local group radius
aaa authentication login console local line
aaa authentication ppp default if-needed local group radius
aaa authorization network default group radius
aaa accounting send stop-record authentication failure
aaa accounting nested
aaa accounting update newinfo
aaa accounting exec default start-stop group radius
aaa accounting commands 15 default start-stop group radius
aaa accounting network default start-stop group radius
aaa accounting connection default start-stop group radius
enable secret 5 000000000000000
enable password 7 00000000000000
!
username admin password 7 0000000000
!
!
resource-pool disable
syscon address 192.168.100.1 cisco
syscon shelf-id 0
!
!
!
!
voice-fastpath enable
ip subnet-zero
no ip source-route
no ip finger
ip name-server ---------------
ip name-server ---------------
!
frame-relay switching
isdn switch-type primary-net5
call rsvp-sync
modemcap entry next:MSC=AT&FS0=0S29=6S65=1024S66=1024
!
!
!
!
!
fax interface-type modem
mta receive maximum-recipients 0
!
!
!
controller E1 3/0
framing NO-CRC4
pri-group timeslots 1-31
!
controller E1 3/1
framing NO-CRC4
channel-group 1 timeslots 1-31
!
controller E1 3/2
framing NO-CRC4
pri-group timeslots 1-31
!
controller E1 3/3
!
controller E1 3/4
!
controller E1 3/5
!
controller E1 3/6
!
controller E1 3/7
framing NO-CRC4
channel-group 17 timeslots 17
channel-group 18 timeslots 18
channel-group 19 timeslots 19
!
!
interface Loopback0
no ip address
!
interface Tunnel0
ip address 213.150.98.50 255.255.255.252
tunnel source 195.202.84.182
tunnel destination 195.202.92.206
!
interface FastEthernet0/0
ip address 213.150.100.1 255.255.255.0 secondary
ip address 213.150.99.177 255.255.255.240 secondary
ip address 194.201.253.23 255.255.255.0
ip access-group 100 in
ip access-group 100 out
no ip redirects
no ip proxy-arp
no ip mroute-cache
duplex full
speed 100
no cdp enable
!
--More--
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
no cdp enable
!
interface Group-Async0
no ip address
no group-range
!
interface Group-Async1
ip unnumbered FastEthernet0/0
encapsulation ppp
no ip route-cache
no ip mroute-cache
carrier-delay 5
async mode dedicated
peer default ip address pool mypool
no fair-queue
ppp max-bad-auth 5
ppp authentication pap
group-range 1/00 2/59
!
interface Dialer1
ip unnumbered FastEthernet0/0
encapsulation ppp
dialer in-band
dialer idle-timeout 100000
dialer-group 1
peer default ip address pool mypool
no fair-queue
no cdp enable
ppp max-bad-auth 5
ppp authentication pap
!
!
ip local pool mypool 21.15.7.1 21.15.7.100
ip classless
ip route 0.0.0.0 0.0.0.0 1.2.2.1
!
dialer-list 1 protocol ip permit
!
snmp-server community Kx12 RO
!
radius-server host 21.2.2.5 auth-port 1945 acct-port 1946 non-standard
radius-server retransmit 3
radius-server timeout 60
radius-server key 7 00000000000000
radius-server vsa send accounting
radius-server vsa send authentication
!
voice-port 3/0:D
!
voice-port 3/2:D
!
!
line con 0
transport input none
line aux 0
autoselect during-login
autoselect ppp
line vty 0 4
password 7 0000000000
autoselect ppp
line vty 5 28
line 1/00 1/59
no flush-at-activation
autoselect ppp
modem Dialin
modem autoconfigure type next
autocommand ppp
transport input all
line 2/00 2/59
no flush-at-activation
autoselect ppp
modem Dialin
modem autoconfigure type next
autocommand ppp
transport input all
!
scheduler allocate 10000 400
end
----------------

Re: AS5350 ISDN Problems [ In reply to ]

hrobison at cisco

Feb 25, 2004, 9:49 AM

Post #2 of 5 (1661 views)

Permalink

Sounds like a PPP or AAA problem. I suggest you take a look
at the output of debug ppp err, etc. Why are you using PAP?

Regards,
Helen

At 07:34 PM 2/25/2004 +0300, GLO wrote:
>I have a Cisco access server AS5350 with E1 modules; and I am experiencing a
>strange problem.
>Some dialup calls on the ISDN line connect but the users can't transmit data
>(can't even ping the assigned IP).
>Other users disconnect immediately after authentication.The strange thing is
>that other users work just fine!
>I have included my config below. Any ideas?
>
>Regards,
>
>GLO
>--------------
>
>version 12.1
>no service single-slot-reload-enable
>service timestamps debug uptime
>service timestamps log uptime
>service password-encryption
>!
>hostname -------.kenyaweb.com
>!
>no boot startup-test
>logging rate-limit console 10 except errors
>no logging console
>aaa new-model
>aaa authentication username-prompt login:
>aaa authentication login default local group radius
>aaa authentication login console local line
>aaa authentication ppp default if-needed local group radius
>aaa authorization network default group radius
>aaa accounting send stop-record authentication failure
>aaa accounting nested
>aaa accounting update newinfo
>aaa accounting exec default start-stop group radius
>aaa accounting commands 15 default start-stop group radius
>aaa accounting network default start-stop group radius
>aaa accounting connection default start-stop group radius
>enable secret 5 000000000000000
>enable password 7 00000000000000
>!
>username admin password 7 0000000000
>!
>!
>resource-pool disable
>syscon address 192.168.100.1 cisco
>syscon shelf-id 0
>!
>!
>!
>!
>voice-fastpath enable
>ip subnet-zero
>no ip source-route
>no ip finger
>ip name-server ---------------
>ip name-server ---------------
>!
>frame-relay switching
>isdn switch-type primary-net5
>call rsvp-sync
>modemcap entry next:MSC=AT&FS0=0S29=6S65=1024S66=1024
>!
>!
>!
>!
>!
>fax interface-type modem
>mta receive maximum-recipients 0
>!
>!
>!
>controller E1 3/0
>framing NO-CRC4
>pri-group timeslots 1-31
>!
>controller E1 3/1
>framing NO-CRC4
>channel-group 1 timeslots 1-31
>!
>controller E1 3/2
>framing NO-CRC4
>pri-group timeslots 1-31
>!
>controller E1 3/3
>!
>controller E1 3/4
>!
>controller E1 3/5
>!
>controller E1 3/6
>!
>controller E1 3/7
>framing NO-CRC4
>channel-group 17 timeslots 17
>channel-group 18 timeslots 18
>channel-group 19 timeslots 19
>!
>!
>interface Loopback0
>no ip address
>!
>interface Tunnel0
>ip address 213.150.98.50 255.255.255.252
>tunnel source 195.202.84.182
>tunnel destination 195.202.92.206
>!
>interface FastEthernet0/0
>ip address 213.150.100.1 255.255.255.0 secondary
>ip address 213.150.99.177 255.255.255.240 secondary
>ip address 194.201.253.23 255.255.255.0
>ip access-group 100 in
>ip access-group 100 out
>no ip redirects
>no ip proxy-arp
>no ip mroute-cache
>duplex full
>speed 100
>no cdp enable
>!
>--More--
>interface FastEthernet0/1
>no ip address
>shutdown
>duplex auto
>speed auto
>no cdp enable
>!
>interface Group-Async0
>no ip address
>no group-range
>!
>interface Group-Async1
>ip unnumbered FastEthernet0/0
>encapsulation ppp
>no ip route-cache
>no ip mroute-cache
>carrier-delay 5
>async mode dedicated
>peer default ip address pool mypool
>no fair-queue
>ppp max-bad-auth 5
>ppp authentication pap
>group-range 1/00 2/59
>!
>interface Dialer1
>ip unnumbered FastEthernet0/0
>encapsulation ppp
>dialer in-band
>dialer idle-timeout 100000
>dialer-group 1
>peer default ip address pool mypool
>no fair-queue
>no cdp enable
>ppp max-bad-auth 5
>ppp authentication pap
>!
>!
>ip local pool mypool 21.15.7.1 21.15.7.100
>ip classless
>ip route 0.0.0.0 0.0.0.0 1.2.2.1
>!
>dialer-list 1 protocol ip permit
>!
>snmp-server community Kx12 RO
>!
>radius-server host 21.2.2.5 auth-port 1945 acct-port 1946 non-standard
>radius-server retransmit 3
>radius-server timeout 60
>radius-server key 7 00000000000000
>radius-server vsa send accounting
>radius-server vsa send authentication
>!
>voice-port 3/0:D
>!
>voice-port 3/2:D
>!
>!
>line con 0
>transport input none
>line aux 0
>autoselect during-login
>autoselect ppp
>line vty 0 4
>password 7 0000000000
>autoselect ppp
>line vty 5 28
>line 1/00 1/59
>no flush-at-activation
>autoselect ppp
>modem Dialin
>modem autoconfigure type next
>autocommand ppp
>transport input all
>line 2/00 2/59
>no flush-at-activation
>autoselect ppp
>modem Dialin
>modem autoconfigure type next
>autocommand ppp
>transport input all
>!
>scheduler allocate 10000 400
>end
>----------------
>
>_______________________________________________
>cisco-nas mailing list
>cisco-nas@puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-nas

Helen M. Robison (email: hrobison@cisco.com)
Voice Technical Marketing Engineer
Service Provider Solution Engineering (SPSE)
direct: (408) 526-8938

In the beginning all the world was America... [.John Locke}

Time wastes too fast: every letter I trace tells me with what
rapidity Life follows my pen: the days and hours of it ...
flying over our heads like light clouds of a windy day,
never to return more.... [Laurence Sterne]

Re: AS5350 ISDN Problems [ In reply to ]

glotieno at kenyaweb

Feb 26, 2004, 4:57 AM

Post #3 of 5 (1653 views)

Permalink

Hi

Thanks for the response.
For the users that connect but cannot transmit, I have checked and:-
LCP and IPCP are OPEN
the user has an IP address assigned
the user's IP address is in the routing table

For the disconects; I have done the suggested aaa and ppp debugs but can't
seem to deduce anything much from the output.
I have attached the debug output incase you have any ideas.

Thanks,

George.

----- Original Message -----
From: "Mark Johnson" <mljohnso@cisco.com>
To: "GLO" <glotieno@kenyaweb.com>
Sent: Wednesday, February 25, 2004 10:04 PM
Subject: Re: [cisco-nas] AS5350 ISDN Problems

> At 07:34 PM 2/25/2004 +0300, you wrote:
> >I have a Cisco access server AS5350 with E1 modules; and I am
experiencing a
> >strange problem.
> >Some dialup calls on the ISDN line connect but the users can't transmit
data
> >(can't even ping the assigned IP).
>
> Some things to check when a user is connected:
>
> sh int async xx make sure LCP and IPCP are OPEN
> sh caller xx make sure the user has an IP address assigned
> sh ip route x.x.x.x make sure the user's IP address is in the routing
table
> debug ip icmp ping from the remote and confirm if you see the
ICMP
> echo requests at the 5350 (und all when done)
>
> >Other users disconnect immediately after authentication.
>
> debug ppp neg
> debug ppp err
> debug aaa author
> debug aaa authen
>
> Confirm *who* initiates the disconnect (who sends the LCP TERMREQ).
> If it's the remote, you need to check there. If it's the 5350,
> hopefully the debug will indicate why.
>
> Good luck,
>
> mark
>
>

Re: AS5350 ISDN Problems [ In reply to ]

mljohnso at cisco

Feb 26, 2004, 10:47 AM

Post #4 of 5 (1666 views)

Permalink

At 02:57 PM 2/26/2004 +0300, GLO wrote:
>Hi
>
>Thanks for the response.
>For the users that connect but cannot transmit, I have checked and:-
>LCP and IPCP are OPEN
>the user has an IP address assigned
>the user's IP address is in the routing table
>
>For the disconects; I have done the suggested aaa and ppp debugs but can't
>seem to deduce anything much from the output.
>I have attached the debug output incase you have any ideas.

Here is the smoking gun, so to speak:

3w4d: As2/50 AAA/AUTHOR/IP: authorization failed

And if you look at what is being authorized/downloaded from the AAA server:

3w4d: As2/50 AAA/AUTHOR (736691766): Post authorization status = PASS_REPL
3w4d: As2/50 AAA/AUTHOR/IPCP: Processing AV service=ppp
3w4d: As2/50 AAA/AUTHOR/IPCP: Processing AV addr=2.1.9.2
3w4d: As2/50 AAA/AUTHOR/IPCP: Processing AV outacl=internet
3w4d: As2/50 AAA/AUTHOR/IPCP: Processing AV inacl=160
3w4d: As2/50 AAA/AUTHOR/IPCP: Authorization succeeded

I suppose the problem could be that you don't have access-lists 160
or internet defined on the 5350. Is that possible?

mark

>Thanks,
>
>George.
>
>----- Original Message -----
>From: "Mark Johnson" <mljohnso@cisco.com>
>To: "GLO" <glotieno@kenyaweb.com>
>Sent: Wednesday, February 25, 2004 10:04 PM
>Subject: Re: [cisco-nas] AS5350 ISDN Problems
>
>
> > At 07:34 PM 2/25/2004 +0300, you wrote:
> > >I have a Cisco access server AS5350 with E1 modules; and I am
>experiencing a
> > >strange problem.
> > >Some dialup calls on the ISDN line connect but the users can't transmit
>data
> > >(can't even ping the assigned IP).
> >
> > Some things to check when a user is connected:
> >
> > sh int async xx make sure LCP and IPCP are OPEN
> > sh caller xx make sure the user has an IP address assigned
> > sh ip route x.x.x.x make sure the user's IP address is in the routing
>table
> > debug ip icmp ping from the remote and confirm if you see the
>ICMP
> > echo requests at the 5350 (und all when done)
> >
> > >Other users disconnect immediately after authentication.
> >
> > debug ppp neg
> > debug ppp err
> > debug aaa author
> > debug aaa authen
> >
> > Confirm *who* initiates the disconnect (who sends the LCP TERMREQ).
> > If it's the remote, you need to check there. If it's the 5350,
> > hopefully the debug will indicate why.
> >
> > Good luck,
> >
> > mark
> >
> >

Re: AS5350 ISDN Problems [ In reply to ]

glotieno at kenyaweb

Feb 27, 2004, 6:59 AM

Post #5 of 5 (1667 views)

Permalink

Thanks Mark!

As you observed I had not aplied the access-lists 160 and internet on the
5350.

Now my remaining headache are the connections that don't allow transmision
of data.

I will appreciate further suggestions on this.

Thanks,

George.

----- Original Message -----
From: "Mark Johnson" <mljohnso@cisco.com>
To: "GLO" <glotieno@kenyaweb.com>
Cc: "Helen Robison, Voice SP Solution Engineering" <hrobison@cisco.com>;
<cisco-nas@puck.nether.net>
Sent: Thursday, February 26, 2004 8:47 PM
Subject: Re: [cisco-nas] AS5350 ISDN Problems

> At 02:57 PM 2/26/2004 +0300, GLO wrote:
> >Hi
> >
> >Thanks for the response.
> >For the users that connect but cannot transmit, I have checked and:-
> >LCP and IPCP are OPEN
> >the user has an IP address assigned
> >the user's IP address is in the routing table
> >
> >For the disconects; I have done the suggested aaa and ppp debugs but
can't
> >seem to deduce anything much from the output.
> >I have attached the debug output incase you have any ideas.
>
> Here is the smoking gun, so to speak:
>
> 3w4d: As2/50 AAA/AUTHOR/IP: authorization failed
>
> And if you look at what is being authorized/downloaded from the AAA
server:
>
> 3w4d: As2/50 AAA/AUTHOR (736691766): Post authorization status = PASS_REPL
> 3w4d: As2/50 AAA/AUTHOR/IPCP: Processing AV service=ppp
> 3w4d: As2/50 AAA/AUTHOR/IPCP: Processing AV addr=2.1.9.2
> 3w4d: As2/50 AAA/AUTHOR/IPCP: Processing AV outacl=internet
> 3w4d: As2/50 AAA/AUTHOR/IPCP: Processing AV inacl=160
> 3w4d: As2/50 AAA/AUTHOR/IPCP: Authorization succeeded
>
> I suppose the problem could be that you don't have access-lists 160
> or internet defined on the 5350. Is that possible?
>
> mark
>
> >Thanks,
> >
> >George.
> >
> >----- Original Message -----
> >From: "Mark Johnson" <mljohnso@cisco.com>
> >To: "GLO" <glotieno@kenyaweb.com>
> >Sent: Wednesday, February 25, 2004 10:04 PM
> >Subject: Re: [cisco-nas] AS5350 ISDN Problems
> >
> >
> > > At 07:34 PM 2/25/2004 +0300, you wrote:
> > > >I have a Cisco access server AS5350 with E1 modules; and I am
> >experiencing a
> > > >strange problem.
> > > >Some dialup calls on the ISDN line connect but the users can't
transmit
> >data
> > > >(can't even ping the assigned IP).
> > >
> > > Some things to check when a user is connected:
> > >
> > > sh int async xx make sure LCP and IPCP are OPEN
> > > sh caller xx make sure the user has an IP address assigned
> > > sh ip route x.x.x.x make sure the user's IP address is in the
routing
> >table
> > > debug ip icmp ping from the remote and confirm if you see
the
> >ICMP
> > > echo requests at the 5350 (und all when
done)
> > >
> > > >Other users disconnect immediately after authentication.
> > >
> > > debug ppp neg
> > > debug ppp err
> > > debug aaa author
> > > debug aaa authen
> > >
> > > Confirm *who* initiates the disconnect (who sends the LCP TERMREQ).
> > > If it's the remote, you need to check there. If it's the 5350,
> > > hopefully the debug will indicate why.
> > >
> > > Good luck,
> > >
> > > mark
> > >
> > >
>

Mailing List Archive

Mailing List Archive

Attached Files: