Mailing List Archive

concurrent support for dial-up scripts and CHAP?
Hi,
In light of the current problem with the latest Microsoft updates
breaking dial-up scripts, we're looking into moving to CHAP for TACACS
authentication. I'm trying to see if we can support both methods but I've
not had much luck thus far. Is it possible to config my 5350 to allow
users to connect and authenticate using a script or CHAP? If so, is
there more to config'ing the 5350 than adding 'ppp authentication chap' to
my Group-async0 interface and 'autoselect ppp' and 'autoselect
during-login' on my lines?

.............thanks in advance.........Jamie


James Savage York University
Senior Communications Tech. 108 Steacie Building
jsavage@yorku.ca 4700 Keele Street
ph: 416-736-2100 ext. 22605 Toronto, Ontario
fax: 416-736-5701 M3J 1P3, CANADA
Re: concurrent support for dial-up scripts and CHAP?
Jamie,

Yes you can support users dialing in and authenticating either in
character mode (dialup script) or via PPP (CHAP or PAP). Here's the
idea ...

  ! for character mode logins
  aaa authentication login default group tacacs+
  ! [1]
  aaa authentication ppp default if-needed group tacacs+
  !
  int group-async1
   encapsulation ppp
   async mode interactive
  !
  line 1/0 1/59
   autoselect ppp
   autoselect during-login

[1] if-needed means that authentication in PPP is skipped if the call
has already done character mode authentication

Aaron


_______________________________________________
cisco-nas mailing list
cisco-nas@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nas
Re: concurrent support for dial-up scripts and CHAP?
Thanks Aaron.....yes we've since got it to work.....we've written our own
TACACS and that's where the problem was (which I assumed but needed to be
sure my 5350 config was fine).....however, I wasn't aware of the 'if
needed' scenario...that could make things better for us.

.......as always, I appreciate your help.....thx............Jamie


James Savage York University
Senior Communications Tech. 108 Steacie Building
jsavage@yorku.ca 4700 Keele Street
ph: 416-736-2100 ext. 22605 Toronto, Ontario
fax: 416-736-5701 M3J 1P3, CANADA



Aaron Leonard <Aaron@cisco.com>
06/22/2006 11:21 AM

To: Jamie Savage <jsavage@yorku.ca>
cc: cisco-nas@puck.nether.net
Subject: Re: [cisco-nas] concurrent support for dial-up scripts and CHAP?
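
For anyone writing their own TACACS+ server as described in this thread, the following is an added example (not code from the thread or from Cisco) of how a server checks a CHAP login: it splits the request's data field into PPP id, challenge and 16-octet response, the layout documented in RFC 8907, and recomputes the RFC 1994 MD5 response, which requires the user's secret in cleartext on the server. Function names and sample values are constructed for illustration.

```python
import hashlib
import hmac

CHAP_MD5_LEN = 16  # MD5 digest size; the CHAP response is always 16 octets


def split_chap_data(data: bytes):
    """Split a TACACS+ CHAP 'data' field into (ppp_id, challenge, response).

    Layout per RFC 8907 section 5.4.2.3: 1-octet PPP id, then the challenge,
    then the 16-octet response. The challenge is whatever lies in between.
    """
    if len(data) < 1 + 1 + CHAP_MD5_LEN:
        raise ValueError("CHAP data too short: need id, challenge, response")
    return data[0], data[1:-CHAP_MD5_LEN], data[-CHAP_MD5_LEN:]


def chap_response(ppp_id: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: MD5(id || secret || challenge)."""
    return hashlib.md5(bytes([ppp_id]) + secret + challenge).digest()


def verify_chap(data: bytes, secret: bytes) -> bool:
    """Return True if the response in `data` matches the stored secret."""
    try:
        ppp_id, challenge, response = split_chap_data(data)
    except ValueError:
        return False  # malformed input is an authentication failure
    expected = chap_response(ppp_id, secret, challenge)
    return hmac.compare_digest(expected, response)  # constant-time compare


# Constructed sample values (hypothetical, not from the thread).
SAMPLE_SECRET = b"example-secret"
SAMPLE_ID = 0x2A
SAMPLE_CHALLENGE = bytes(range(16))
SAMPLE_DATA = (bytes([SAMPLE_ID]) + SAMPLE_CHALLENGE
               + chap_response(SAMPLE_ID, SAMPLE_SECRET, SAMPLE_CHALLENGE))

if __name__ == "__main__":
    print(verify_chap(SAMPLE_DATA, SAMPLE_SECRET))       # correct secret
    print(verify_chap(SAMPLE_DATA, b"wrong-secret"))     # wrong secret
    print(verify_chap(SAMPLE_DATA[:10], SAMPLE_SECRET))  # truncated field
```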