andris.zarins at microlink
Jul 14, 2005, 8:35 AM
UPDATE - callback itself is working now. If user is meant to be called
FW: Asynchronous callback problems - update
back - it is called back succesfuly. Problems are with users who should
not be called back - normal dial-in users - if 'ppp callback accept' is
configured on group-async interface - problem arise, if that command
isnt there - non-callback users can call in, but callback isnt working.
If I try to call-in as non-callback user, Windows says that "PPP Link
Control Protocol was terminated by remote side" and it says that I
should enable LCP extensions (its done and ON by default also) and try
to allow unsecured password (what is also allowed).
Any ideas where to go next ?
From: Andris Zarins
Sent: Thursday, July 14, 2005 6:10 PM
To: cisco-nas [at] puck
Cc: Andris Zarins
Subject: Asynchronous callback problems
I'm trying to configure callback from 3640 (E1) to WindowsXP PC (async
line). There are several types of users callin to that NAS - Cisco
routers using ISDN, async modem users who shouldnt be called back, and
now there should be async modem users who should be called back. This is
why I need per user AAA what is done using RADIUS. Below is RADIUS
NAS (3640) has numerous mica-midems installed. Dial-in without callback
is working fine, as AAA is done using RADIUS server, so configuration
for vaccess interfaces comes also from vtemplate + RADIUS part.
Here is configuration from NAS:
description Dial-in modem pool
ip unnumbered Loopback2
no ip route-cache cef
no ip route-cache
ip tcp header-compression
no ip mroute-cache
dialer idle-timeout 9000
async mode dedicated
peer default ip address pool dial-up
ppp authentication chap modem
no clns route-cache
group-range 33 56
And here is profile from RADIUS for involved user:
Framed-Protocol = PPP
Service-Type = Framed-User
cisco-avpair = "lcp:interface-config=ppp callback accept"
cisco-avpair = "lcp:interface-config=ip unnumbered lo2"
cisco-avpair = "lcp:interface-config=peer default ip address
cisco-avpair = "lcp:interface-config=encaps ppp"
cisco-avpair = "lcp:interface-config=ppp multilink"
What I'm worried about is command "ppp callback accept". As far as I
know - it should be configured on group-async interface, but if I do it
- nobody is able to call-in in any manner (with callback or without).
"debug aaa authentication" says that user isn't authorized for callback
and AAA procedure exits at that moment (or maybe I'm not doin enough
debugging, so Im missin something).
Any ideas how to proceed and what to troubleshoot? Maybe anyone has got
working configuration for callback? Any ideas what to debug? I
understand that there might be not enough information, if you need
something else to give some comments - I'll do it :-)