AS5300 VPDN and local auth

Greetings!

Our AS5300 is configured and working very well as a local access concentrator together with another Cisco LNS. We are using VPDN tunnelling to terminate all PPP calls. All PPP authentication is bypassed to the LNS, so local authentication is used only to allow the admin's exec session.

Anyway, there is a need to let an admin initiate a PPP session and terminate it locally on the AS5300 LAC by issuing the command "ppp negotiate". In the current configuration (see below) we cannot bypass tunnelling, so the "requested address was rejected by the server" authorization error is returned and the PPP session does not complete negotiation, because all authentication data is being tunnelled to the LNS, where it is checked by RADIUS.

What should we add to the config to permit local users (admin1, admin2) to initiate a PPP session and have it terminated locally on the LAC without tunnelling them to the LNS?

Thank you very much.

The current configuration is as follows:

-----------------------------------
IOS Version is 12.3(17)

aaa new-model
!
!
aaa authentication login default local
aaa authentication login LOCAL none
aaa session-id common
ip subnet-zero
!
vpdn enable
vpdn source-ip xxx.xxx.111.4
vpdn search-order dnis
!
vpdn-group Dialup
 request-dialin
  protocol l2tp
  dnis 111111111
  dnis 111111121
 initiate-to ip xxx.xxx.xxx.1 priority 10
 local name LAC1
 l2tp tunnel password 7 05233847283479283B09
!
isdn switch-type primary-ni
!
username admin1 password 7 023984AB9834545845
username admin2 password 7 1234873B234C234423
!
controller E1 0
 framing NO-CRC4
 clock source line primary
 ...etc
!
!
interface Loopback0
 ip address xxx.xxx.111.4 255.255.255.255
!
interface Ethernet0
 ip address xxx.xxx.xxx.120 255.255.255.0
 no ip redirects
 no ip unreachables
 no cdp enable
!
interface Group-Async0
 ip unnumbered Loopback0
 no ip redirects
 encapsulation ppp
 no logging event link-status
 dialer in-band
 dialer-group 1
 async mode interactive
 peer default ip address pool POOL
 ppp authentication pap chap
 group-range 1 240
!
interface Dialer0
 ip unnumbered Loopback0
 encapsulation ppp
 dialer in-band
 dialer idle-timeout 0
 no peer default ip address
 no cdp enable
 ppp authentication pap chap
 ppp multilink
!
!
interface Dialer1
 ip unnumbered Loopback0
 encapsulation ppp
 dialer in-band
 dialer idle-timeout 0
 dialer extsig
 no peer default ip address
 no cdp enable
 ppp authentication pap chap
 ppp multilink
!
ip local pool POOL 111.111.111.1 111.111.111.254
ip classless
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.109
no ip http server
!
mgcp
mgcp call-agent pgw2 2427 service-type mgcp version 1.0
mgcp dtmf-relay voip codec all mode nte-gw
mgcp modem passthrough voip mode nse
mgcp modem passthrough voip codec g711alaw
mgcp vad
mgcp sgcp disconnect notify
mgcp ip qos dscp cs4 signaling
mgcp package-capability dtmf-package
mgcp package-capability rtp-package
mgcp package-capability nas-package
mgcp default-package gm-package
mgcp fax t38 ls_redundancy 1
mgcp fax t38 hs_redundancy 1
mgcp bind control source-interface Loopback0
mgcp bind media source-interface Loopback0
!
!
mgcp profile default
 timeout tsmax 100
 no max1 lookup
 max1 retries 3
!
!
line con 0
 logging synchronous
 login authentication LOCAL
line 1 240
 modem Dialin
 transport output none
 autoselect ppp
!
...
end

-----------------------------------
