This Monday a PPP T1 circuit that I had established between 2 offices went down. Although the interfaces on both routers indicate they are up, line protocol is down. In diagnosing the problem, I have traced it to the authentication statements in my router. If I remove the aaa authentication for network:
aaa authorization network default group tacacs+ if-authenticated
The line protocol comes up. Once I add it back, it goes down. The strange thing is that no changes were made to the ACS server nor the router that is having this problem.
This circuit has been in operation for about 6 months as is, so this has me really stumped. Any assistance would be greatly appreciated. To follow is a copy of the config..
!
logging console emergencies
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login no_tacacs enable
aaa authentication ppp default if-needed group tacacs+
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization network default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
enable secret XXX
!
username XXX password XXX
!
!
!
!
clock timezone PST -8
clock summer-time DST recurring
ip subnet-zero
no ip domain-lookup
!
ip multicast-routing
ipx routing xxx
async-bootp dns-server XXX
async-bootp nbns-server XXX
!
!
!
!
!
interface Loopback0
ip address XXX
!
interface Ethernet0/0
description Sahara LAN
ip address XXX
ip pim sparse-mode
ip cgmp
full-duplex
ipx network 120
!
interface Serial0/1
description Link to St. Louis Square
ip address XXX
encapsulation ppp
no fair-queue
service-module t1 timeslots 1-24
!
interface Group-Async1
ip unnumbered Loopback0
encapsulation ppp
dialer in-band
dialer idle-timeout 600
dialer-group 1
async mode interactive
peer default ip address pool DIALIN
ppp authentication chap
group-range 33 40
!
ip local pool DIALIN XXX
ip classless
ip route 0.0.0.0 0.0.0.0 XXX
no ip http server
!
logging trap debugging
logging facility local4
logging XXX
dialer-list 1 protocol ip permit
!
!
!
tacacs-server host XXX
tacacs-server key XXX
!
line con 0
exec-timeout 0 0
logging synchronous
login authentication no_tacacs
line 33 40
modem InOut
modem autoconfigure discovery
transport input all
autoselect ppp
flowcontrol hardware
line aux 0
line vty 0 4
access-class 25 in
exec-timeout 0 0
password XXXX
logging synchronous
!
ntp clock-period 17207848
ntp server XXX
end
aaa authorization network default group tacacs+ if-authenticated
The line protocol comes up. Once I add it back, it goes down. The strange thing is that no changes were made to the ACS server nor the router that is having this problem.
This circuit has been in operation for about 6 months as is, so this has me really stumped. Any assistance would be greatly appreciated. To follow is a copy of the config..
!
logging console emergencies
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login no_tacacs enable
aaa authentication ppp default if-needed group tacacs+
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization network default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
enable secret XXX
!
username XXX password XXX
!
!
!
!
clock timezone PST -8
clock summer-time DST recurring
ip subnet-zero
no ip domain-lookup
!
ip multicast-routing
ipx routing xxx
async-bootp dns-server XXX
async-bootp nbns-server XXX
!
!
!
!
!
interface Loopback0
ip address XXX
!
interface Ethernet0/0
description Sahara LAN
ip address XXX
ip pim sparse-mode
ip cgmp
full-duplex
ipx network 120
!
interface Serial0/1
description Link to St. Louis Square
ip address XXX
encapsulation ppp
no fair-queue
service-module t1 timeslots 1-24
!
interface Group-Async1
ip unnumbered Loopback0
encapsulation ppp
dialer in-band
dialer idle-timeout 600
dialer-group 1
async mode interactive
peer default ip address pool DIALIN
ppp authentication chap
group-range 33 40
!
ip local pool DIALIN XXX
ip classless
ip route 0.0.0.0 0.0.0.0 XXX
no ip http server
!
logging trap debugging
logging facility local4
logging XXX
dialer-list 1 protocol ip permit
!
!
!
tacacs-server host XXX
tacacs-server key XXX
!
line con 0
exec-timeout 0 0
logging synchronous
login authentication no_tacacs
line 33 40
modem InOut
modem autoconfigure discovery
transport input all
autoselect ppp
flowcontrol hardware
line aux 0
line vty 0 4
access-class 25 in
exec-timeout 0 0
password XXXX
logging synchronous
!
ntp clock-period 17207848
ntp server XXX
end
