Over years we used an Ascend Max RAS-System for inbound/outbound/callback (isdn and modem) users and site2site-connections.
The user profiles where kept on a good old Livingston radius server.
For router-max callback connections we used profiles like this:
router-ext Password = "verysecret" User-Service = Framed-User, Framed-Protocol = PPP, Framed-Address = 192.168.222.117, Ascend-PPP-Address = 192.168.222.118, Ascend-IF-Netmask = 255.255.255.252, Framed-Netmask = 255.255.255.252, Ascend-Metric = 2, Framed-Routing = None, Ascend-Data-Svc = Switched-64K, Ascend-Idle-Limit = 300, Ascend-Callback = Callback-Yes, Ascend-Send-Auth = Send-Auth-CHAP, Ascend-Send-Passwd = verysecret, Ascend-Dial-Number = "901070123456789", Framed-Route = "192.168.1.0/24 192.168.222.117 1"
For windows-user-max callback connections the profiles looked like this:
homeoffice1 Password = "moresecret" User-Service = Framed-User, Framed-Protocol = MPP, Framed-Routing = None, Ascend-Assign-IP-Pool = 1, Ascend-Client-Primary-DNS = 192.168.183.241, Ascend-Metric = 2, Ascend-Data-Svc = Switched-64K, Ascend-CBCP-Enable = CBCP-Enabled, Ascend-CBCP-Mode = CBCP-Profile-Callback, Ascend-CBCP-Delay = 5, Ascend-CBCP-Trunk-Group = 9, Ascend-Send-Auth = Send-Auth-None, Ascend-Dial-Number = "90107012398765"
To make callback work for windows-users the callback control protocol (CBCP) was enabled.
The migrated homeoffice1-profile works for the windows-user without explict enabled cbcp. This seems to be standard in ciscos world. (?)
homeoffice1 Password == "moresecret" User-Service-Type=Framed, Framed-Protocol=PPP, Idle-Timeout=300, cisco-avpair+="lcp:callback-dialstring=0107012398765", cisco-avpair+="ip:addr-pool=pool1", cisco-avpair+="ip:dns-servers=192.168.183.241"
This is a problem for router-router-callback . The called router seems to be not able to negotiate in this way.
Cisco Console-Output: # # *Dec 13 08:33:09.924: Se1/0:27 PPP: Callback user did # not negotiate LCP Callback #
Cisco Internetwork Operating System Software IOS (tm) 3700 Software (C3725-I-M), Version 12.3(9), RELEASE SOFTWARE (fc2)
Who knows the "trick" (radius attribute) to stop cisco negotiating callback after sucessfull authentication?
Best Regards Stefan