radius callback issue

Over years we used an Ascend Max RAS-System for inbound/outbound/callback (isdn and modem) users and site2site-connections.

The user profiles where kept on a good old Livingston radius server.

For router-max callback connections we used profiles like this:

router-ext Password = "verysecret" User-Service = Framed-User, Framed-Protocol = PPP, Framed-Address =, Ascend-PPP-Address =, Ascend-IF-Netmask =, Framed-Netmask =, Ascend-Metric = 2, Framed-Routing = None, Ascend-Data-Svc = Switched-64K, Ascend-Idle-Limit = 300, Ascend-Callback = Callback-Yes, Ascend-Send-Auth = Send-Auth-CHAP, Ascend-Send-Passwd = verysecret, Ascend-Dial-Number = "901070123456789", Framed-Route = " 1"

For windows-user-max callback connections the profiles looked like this:

homeoffice1 Password = "moresecret" User-Service = Framed-User, Framed-Protocol = MPP, Framed-Routing = None, Ascend-Assign-IP-Pool = 1, Ascend-Client-Primary-DNS =, Ascend-Metric = 2, Ascend-Data-Svc = Switched-64K, Ascend-CBCP-Enable = CBCP-Enabled, Ascend-CBCP-Mode = CBCP-Profile-Callback, Ascend-CBCP-Delay = 5, Ascend-CBCP-Trunk-Group = 9, Ascend-Send-Auth = Send-Auth-None, Ascend-Dial-Number = "90107012398765"

To make callback work for windows-users the callback control protocol (CBCP) was enabled.

The migrated homeoffice1-profile works for the windows-user without explict enabled cbcp. This seems to be standard in ciscos world. (?)

homeoffice1 Password == "moresecret" User-Service-Type=Framed, Framed-Protocol=PPP, Idle-Timeout=300, cisco-avpair+="lcp:callback-dialstring=0107012398765", cisco-avpair+="ip:addr-pool=pool1", cisco-avpair+="ip:dns-servers="

This is a problem for router-router-callback . The called router seems to be not able to negotiate in this way.

Cisco Console-Output: # # *Dec 13 08:33:09.924: Se1/0:27 PPP: Callback user did # not negotiate LCP Callback #

Cisco Internetwork Operating System Software IOS (tm) 3700 Software (C3725-I-M), Version 12.3(9), RELEASE SOFTWARE (fc2)

Who knows the "trick" (radius attribute) to stop cisco negotiating callback after sucessfull authentication?

Best Regards Stefan

Reply to
Loading thread data ...

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.