RADIUS and Cisco Dialback
Novell Cool Solutions: Feature
Posted: 26 Aug 2003 | Jaco Lange and Deenan Arnachellan
[Editor's Note: This excellent article was originally submitted to Cool Solutions without the authors' names, so we published it anonymously. Here it is again, with the proper bylines and contact information.]
Here's how to implement dialback to a user via Cisco 2600:
NWADMIN CONFIGURATION
1. Under Dial access profile, add the following attributes:
   Service type       Framed
   Framed-Protocol    PPP
   Cisco-AV-Pair      lcp:callback-dialstring=
   (This configuration, with no number after the equals sign, allows the user to put in any number.)
2. On the User object -> Remote Access -1
   Set Dialback to Dialback Any Number
   Enable use dial in port for dial back
3. On the User object -> Dial Access Services
   Enable dial access control
   Choose the relevant dial access system
   Under Configured services, choose your dial access profile.
   Add the following attribute for the user: lcp:send-secret=<password>
   (e.g. lcp:send-secret=nomoresecrets)
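The profile attributes from step 1 as they travel in a RADIUS reply, with a check that reports whether the callback number is fixed by the server or left to the user. This is an added example, not part of the original article; the function names and the sample number are constructed, and it assumes the standard RFC 2865 attribute layout with Cisco-AV-Pair carried as vendor 9, sub-type 1.

```python
import struct

CISCO_VENDOR_ID = 9          # IANA enterprise number for Cisco
SERVICE_TYPE, FRAMED_PROTOCOL, VENDOR_SPECIFIC = 6, 7, 26
CISCO_AVPAIR = 1             # Cisco sub-type carrying "name=value" strings

def encode_attr(attr_type, value):
    """RADIUS attribute: 1-byte type, 1-byte total length, then the value."""
    return bytes([attr_type, len(value) + 2]) + value

def encode_cisco_avpair(text):
    """Wrap an AV pair string in a Vendor-Specific attribute (type 26)."""
    sub = bytes([CISCO_AVPAIR, len(text) + 2]) + text.encode("ascii")
    return encode_attr(VENDOR_SPECIFIC, struct.pack("!I", CISCO_VENDOR_ID) + sub)

def parse_attrs(data):
    """Yield (type, value) pairs; reject truncated or undersized attributes."""
    pos = 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated attribute header")
        attr_type, length = data[pos], data[pos + 1]
        if length < 2 or pos + length > len(data):
            raise ValueError("bad attribute length")
        yield attr_type, data[pos + 2:pos + length]
        pos += length

def callback_policy(data):
    """Return 'none', 'user-specified' or ('fixed', number) for a reply."""
    policy = "none"
    for attr_type, value in parse_attrs(data):
        if attr_type != VENDOR_SPECIFIC or len(value) < 6:
            continue
        vendor, = struct.unpack("!I", value[:4])
        sub_type, sub_len = value[4], value[5]
        if vendor != CISCO_VENDOR_ID or sub_type != CISCO_AVPAIR or not 2 <= sub_len <= len(value) - 4:
            continue
        pair = value[6:4 + sub_len].decode("ascii", "replace")
        name, _, number = pair.partition("=")
        if name == "lcp:callback-dialstring":
            policy = ("fixed", number) if number else "user-specified"
    return policy

# Constructed sample: the three attributes from the dial access profile above.
PROFILE = (encode_attr(SERVICE_TYPE, struct.pack("!I", 2))        # Framed
           + encode_attr(FRAMED_PROTOCOL, struct.pack("!I", 1))   # PPP
           + encode_cisco_avpair("lcp:callback-dialstring="))
FIXED = encode_cisco_avpair("lcp:callback-dialstring=5550100")    # constructed number
```

Running callback_policy over each profile's attributes gives a quick inventory of which accounts call back to a server-set number and which accept whatever number the caller supplies.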
CISCO CONFIGURATION
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
aaa new-model
aaa authentication login none none
aaa authentication ppp default group radius local
aaa authorization network default group radius
enable secret 5 XXXX.
!
ip subnet-zero
no ip domain-lookup
isdn switch-type basic-net3
isdn voice-call-failure 0
!
!
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
 no ip directed-broadcast
!
interface Ethernet0/0
 ip address 10.11.32.254 255.255.255.0
 no ip directed-broadcast
 no ip mroute-cache
 no cdp enable
!
interface BRI0/0
 no ip address
 no ip directed-broadcast
 encapsulation ppp
 dialer rotary-group 1
 isdn switch-type basic-net3
!
interface Serial0/0
 no ip address
 no ip directed-broadcast
 no ip mroute-cache
 shutdown
!
interface Dialer1
 ip unnumbered Loopback0
 no ip directed-broadcast
 encapsulation ppp
 dialer in-band
 dialer aaa
 dialer idle-timeout 60
 dialer enable-timeout 5
 dialer hold-queue 20
 dialer-group 1
 peer default ip address pool default
 ppp callback accept
 ppp authentication chap callin
!
ip local pool default 10.10.10.1 10.10.10.10
ip classless
no ip http server
dialer-list 1 protocol ip permit
snmp-server engineID local 0000000902000004C0538600
snmp-server community public RO
radius-server host 10.11.32.41 auth-port 1645 acct-port 1646 key mbw
!
no scheduler allocate
If you have any questions, you may contact Jaco at jaco@e-innovation.co.za, or Deenan at deenan@conceptt.co.za.
Reader Comments
- very good !
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com
