1720 router with 128K primary link and ISDN Backup. Problem When primary link falls ISDN backup has authentications problems due to tacacs on both sides (Remote and HQ).
Here is my Remote side config and debug aaa new-model aaa authentication login default group tacacs+ local aaa authentication enable default group tacacs+ enable aaa authentication ppp default local none aaa authorization exec default local group tacacs+ aaa authorization network default local none aaa accounting exec default start-stop group tacacs+ aaa accounting commands 15 default start-stop group tacacs+ aaa accounting network default start-stop group tacacs+ Log Buffer (4096 bytes): CONFREQ [ACKsent] id 8 len 26 00:23:49: BR0:1 LCP: MagicNumber 0x0958D9C8 (0x05060958D9C8) 00:23:49: BR0:1 LCP: EndpointDisc 1 ALBERANTE (0x131001414C424552414E5445 5F424D57) 00:23:49: BR0:1 LCP: I CONFACK [ACKsent] id 8 len 26 00:23:49: BR0:1 LCP: MagicNumber 0x0958D9C8 (0x05060958D9C8) 00:23:49: BR0:1 LCP: EndpointDisc 1 ALBERANTE (0x131001414C424552414E5445 5F424D57) 00:23:49: BR0:1 LCP: State is Open 00:23:49: BR0:1 PPP: Phase is AUTHENTICATING, by the peer Jul 2 18:48:06: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 011654760 0 00:24:00: BR0:1 AUTH: Timeout 1 00:24:10: BR0:1 AUTH: Timeout 2 00:24:20: BR0:1 AUTH: Timeout 3 00:24:30: BR0:1 AUTH: Timeout 4 00:24:48: BR0:1 AUTH: Timeout 5 00:24:58: BR0:1 AUTH: Timeout 6 00:25:08: BR0:1 AUTH: Timeout 7 00:25:18: BR0:1 AUTH: Timeout 8 00:25:28: BR0:1 AUTH: Timeout 9 00:25:38: BR0:1 AUTH: Timeout 10 00:25:48: BR0:1 LCP: I TERMREQ [Open] id 15 len 4 00:25:48: BR0:1 LCP: O TERMACK [Open] id 15 len 4 00:25:48: BR0:1 PPP: Phase is TERMINATING Jul 2 18:49:59: %ISDN-6-DISCONNECT: Interface BRI0:1 disconnected from 0116547 600 , call lasted 119 seconds Jul 2 18:49:59: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down Jul 2 18:49:59: %DIALER-6-UNBIND: Interface BR0:1 unbound from profile Di0 00:25:48: BR0:1 LCP: State is Closed 00:25:48: BR0:1 PPP: Phase is DOWN Jul 2 18:50:00: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up Jul 2 18:50:00: %DIALER-6-BIND: Interface BR0:1 bound to profile Di0 00:25:49: BR0:1 PPP: Treating connection as a callout 00:25:49: BR0:1 PPP: Phase is ESTABLISHING, Active Open 00:25:49: BR0:1 PPP: Authorization required 00:25:49: BR0:1 PPP: No remote authentication for call-out 00:25:49: BR0:1 LCP: O CONFREQ [Closed] id 9 len 30 00:25:49: BR0:1 LCP: MagicNumber 0x095AAF85 (0x0506095AAF85) 00:25:49: BR0:1 LCP: MRRU 1524 (0x110405F4) 00:25:49: BR0:1 LCP: EndpointDisc 1 ALBERANTE (0x131001414C424552414E5445 5F424D57) 00:25:49: BR0:1 LCP: I CONFREQ [REQsent] id 2 len 14 00:25:49: BR0:1 LCP: AuthProto PAP (0x0304C023) 00:25:49: BR0:1 LCP: MagicNumber 0x3375A3CD (0x05063375A3CD) 00:25:49: BR0:1 LCP: O CONFACK [REQsent] id 2 len 14 00:25:49: BR0:1 LCP: AuthProto PAP (0x0304C023) 00:25:49: BR0:1 LCP: MagicNumber 0x3375A3CD (0x05063375A3CD) 00:25:49: BR0:1 LCP: I CONFREJ [ACKsent] id 9 len 8 00:25:49: BR0:1 LCP: MRRU 1524 (0x110405F4) 00:25:49: BR0:1 LCP: O CONFREQ [ACKsent] id 10 len 26 00:25:49: BR0:1 LCP: MagicNumber 0x095AAF85 (0x0506095AAF85) 00:25:49: BR0:1 LCP: EndpointDisc 1 ALBERANTE (0x131001414C424552414E5445 5F424D57) 00:25:49: BR0:1 LCP: I CONFACK [ACKsent] id 10 len 26 00:25:49: BR0:1 LCP: MagicNumber 0x095AAF85 (0x0506095AAF85) 00:25:49: BR0:1 LCP: EndpointDisc 1 ALBERANTE (0x131001414C424552414E5445 5F424D57) 00:25:49: BR0:1 LCP: State is Open 00:25:49: BR0:1 PPP: Phase is AUTHENTICATING, by the peer Jul 2 18:50:06: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 0112345678 0 00:25:59: BR0:1 AUTH: Timeout 1 00:26:09: BR0:1 AUTH: Timeout 2 00:26:19: BR0:1 AUTH: Timeout 3 00:26:29: BR0:1 AUTH: Timeout 4 00:26:39: BR0:1 AUTH: Timeout 5 Jul 2 18:50:57: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, change d state to up 00:26:49: BR0:1 AUTH: Timeout 6 00:26:59: BR0:1 AUTH: Timeout 7 Jul 2 18:51:13: %SYS-5-CONFIG_I: Configured from console by vty1 (172.16.54.69) 00:27:10: BR0:1 AUTH: Timeout 8 Jul 2 18:51:29: %LINK-5-CHANGED: Interface Dialer0, changed state to standby mo de 00:27:18: Di0 LCP: Not allowed on a Dialer Profile 00:27:20: BR0:1 AUTH: Timeout 9 00:27:30: BR0:1 AUTH: Timeout 10 00:27:39: BR0:1 LCP: I TERMREQ [Open] id 3 len 4 00:27:39: BR0:1 LCP: O TERMACK [Open] id 3 len 4 00:27:39: BR0:1 PPP: Phase is TERMINATING Jul 2 18:51:51: %ISDN-6-DISCONNECT: Interface BRI0:1 disconnected from 0112345678 , call lasted 110 seconds Jul 2 18:51:51: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down Jul 2 18:51:51: %DIALER-6-UNBIND: Interface BR0:1 unbound from profile Di0 00:27:40: BR0:1 LCP: State is Closed 00:27:40: BR0:1 PPP: Phase is DOWN ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ isdn switch-type basic-net3 ! ! ! interface BRI0 no ip address encapsulation ppp dialer pool-member 1 isdn switch-type basic-net3 no fair-queue ppp authentication chap pap ppp multilink ! interface FastEthernet0 description ALBERANTE LOCAL ETHERNET SEGMENT ip address 172.20.51.1 255.255.255.0 speed 100 full-duplex no cdp enable ! interface Serial0 description 128KB LINK ALBERANTE bandwidth 128 backup delay 10 30 backup interface Dialer0 ip address 172.20.140.34 255.255.255.252 no fair-queue ! interface Dialer0 description ISDN BACKUP ip address 172.20.61.54 255.255.255.252 ip broadcast-address 172.20.61.55 encapsulation ppp no ip mroute-cache dialer pool 1 dialer remote-name ZA108005D dialer idle-timeout 180 dialer string 0112345678 dialer load-threshold 180 either dialer-group 1 ppp authentication chap callin ppp chap hostname ALBERANTE ppp chap password x ppp multilink ! router eigrp 328 network 172.20.0.0 no auto-summary no eigrp log-neighbor-changes ! ip classless ip route 0.0.0.0 0.0.0.0 172.20.61.53 200 ntp clock-period 17179888 ntp server 172.20.108.2 end The HQ side has same Tacacs config and same dialer profile.If the is no tacacs is on remote side then the isdn backup works fine.Once tacacs is on then it fails to authenticate locally.I am using local username and password. Any ideas ??? Thanks _________________________________________________________________ Online - Offline - Day time - Night time. Buy and Sell - Aucor Auctions! http://www.aucor.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=71818&t=71818 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
