RADIUS & Cisco Dialback - Sept. 1, 2001

Here is the text of a post from the Novell forums from a user who was kind enough to post his solution. Thanks to Jaco Lange and Deenan Arnachellan!

***************************************************************
Hi everyone.

After one month of blood, sweat and tears, we found the solution for how to implement dialback to a user via a Cisco 2600.

Don't you think it is a good idea if Novell creates a config for all NAS devices? That should make implementing Radius a lot easier.

First, make sure you have the latest and greatest Radius software; you know the normal Novell story.

_________________________________________________________________
In NWADMIN32

Under Dial access profile, add the following attributes:
Service type Framed
Framed-Protocol PPP
Cisco-AV-Pair lcp:callback-dialstring=
(This config allows the user to put in any number)

Go to the User object -> Remote Access -1
Set Dialback to Dialback Any Number
Enable use dial in port for dial back

Go to the User object -> Dial Access Services
Enable dial access control
Choose the relevant dial access system
Under Configures services choose your dial access profile.
Add the following attribute for the user lcp:send-secret=<password>
(e.g. lcp:send-secret=nomoresecrets)

(If you want to change the password, there is some sort of problem: the old password gets stuck in the cache. The only way to resolve this is to bounce the server, unless you have another idea. Unloading Radius does not help.)

_______________________________________________________________

Now for the Cisco config:

Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
aaa new-model
aaa authentication login none none
aaa authentication ppp default group radius local
aaa authorization network default group radius
enable secret 5 XXXX.
!
ip subnet-zero
no ip domain-lookup

isdn switch-type basic-net3
isdn voice-call-failure 0
!
!
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
no ip directed-broadcast
!
interface Ethernet0/0
ip address 10.11.32.254 255.255.255.0
no ip directed-broadcast
no ip mroute-cache
no cdp enable
!
interface BRI0/0
no ip address
no ip directed-broadcast
encapsulation ppp
dialer rotary-group 1
isdn switch-type basic-net3
!
interface Serial0/0
no ip address
no ip directed-broadcast
no ip mroute-cache
shutdown
!
interface Dialer1
ip unnumbered Loopback0
no ip directed-broadcast
encapsulation ppp
dialer in-band
dialer aaa
dialer idle-timeout 60
dialer enable-timeout 5
dialer hold-queue 20
dialer-group 1
peer default ip address pool default
ppp callback accept
ppp authentication chap callin
!
ip local pool default 10.10.10.1 10.10.10.10
ip classless
no ip http server

dialer-list 1 protocol ip permit
snmp-server engineID local 0000000902000004C0538600
snmp-server community public RO
radius-server host 10.11.32.41 auth-port 1645 acct-port 1646 key mbw
!
no scheduler allocate
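
Added example (not part of the original post, and not Novell or Cisco code): the Access-Accept that the dial access profile above asks the RADIUS server to return, encoded and decoded per RFC 2865, with its Response Authenticator checked against the shared key from the radius-server host line. The packet ID and Request Authenticator are constructed sample values, and the function names are this example's own.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2                       # RFC 2865 packet code
SERVICE_TYPE, FRAMED_PROTOCOL, VENDOR_SPECIFIC = 6, 7, 26
CISCO_VENDOR_ID, CISCO_AVPAIR = 9, 1    # Cisco-AVPair is vendor 9, sub-type 1
NAMES = {SERVICE_TYPE: "Service-Type", FRAMED_PROTOCOL: "Framed-Protocol"}

def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute as Type, Length, Value (Length includes the 2-byte header)."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def cisco_avpair(pair: str) -> bytes:
    """Wrap 'protocol:attribute=value' in a Vendor-Specific attribute; the value is a plain string."""
    sub = struct.pack("!BB", CISCO_AVPAIR, len(pair) + 2) + pair.encode()
    return attr(VENDOR_SPECIFIC, struct.pack("!I", CISCO_VENDOR_ID) + sub)

def build_access_accept(ident: int, request_auth: bytes, secret: bytes, attrs: bytes) -> bytes:
    """Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs))
    digest = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + digest + attrs

def verify_and_decode(packet: bytes, request_auth: bytes, secret: bytes):
    """Check the Response Authenticator, then return the attributes as (name, value) pairs."""
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    attrs = packet[20:length]
    expected = hashlib.md5(packet[:4] + request_auth + attrs + secret).digest()
    if code != ACCESS_ACCEPT or not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("not an Access-Accept authenticated with this shared secret")
    decoded, pos = [], 0
    while pos + 2 <= len(attrs):
        a_type, a_len = attrs[pos], attrs[pos + 1]
        if a_len < 2:
            raise ValueError("bad attribute length")
        value = attrs[pos + 2:pos + a_len]
        if a_type == VENDOR_SPECIFIC and struct.unpack("!I", value[:4])[0] == CISCO_VENDOR_ID:
            decoded.append(("Cisco-AVPair", value[6:].decode()))
        elif a_type in NAMES:
            decoded.append((NAMES[a_type], struct.unpack("!I", value)[0]))
        pos += a_len
    return decoded

# Constructed sample: the profile attributes from the post (Framed = 2, PPP = 1), key "mbw".
REQUEST_AUTH = bytes(range(16))         # constructed Request Authenticator
SAMPLE_ATTRS = (attr(SERVICE_TYPE, struct.pack("!I", 2)) + attr(FRAMED_PROTOCOL, struct.pack("!I", 1))
                + cisco_avpair("lcp:callback-dialstring="))
SAMPLE = build_access_accept(1, REQUEST_AUTH, b"mbw", SAMPLE_ATTRS)
print(verify_and_decode(SAMPLE, REQUEST_AUTH, b"mbw"))
```

A reply built with a different shared key, or altered in transit, fails the authenticator check before any attribute is decoded.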


