Ppp radius problem

Hi guys my problem is about Radius.It can not assign ip to remote host.This host request ppp and it terminated by on our Cisco router(LAC-LNS).And Cisco router uses AAA for authentication and ip assignment.Authentication part is okey.The host can connect radius and passes username password phase.But when the ppp protocol pass next ipcp level, host request;confreq is above,
Primary DNS server IP address: 0.0.0.0
Secondary DNS server IP address: 0.0.0.0
Primary WINS server IP address: 0.0.0.0
Secondary WINS server IP address: 0.0.0.0
IP address: 0.0.0.0
But the Router returns reject;confrej
Primary DNS server IP address: 0.0.0.0
Secondary DNS server IP address: 0.0.0.0
Primary WINS server IP address: 0.0.0.0
Secondary WINS server IP address: 0.0.0.0
IP address: 0.0.0.0
After this negotiation ppp ipcp part is terminated and the host never get ip address.
My question, Although the ppp authentication seems okey, why the remote host does not get ip address.Shoul I focus radius config. or Router config. ?
Thanks.

Hi Marco,
interface Virtual-Template1
ip unnumbered GigabitEthernet0/0.12
no ip mroute-cache
no peer default ip address
ppp authentication pap
ppp ipcp predictive
I will paste here also debug files.
Best regards

Similar Messages

Border Radius Problem

I'm having trouble getting a border radius to work as I want. Please keep in mind my pages are works in progress. The corner radii of the footer div do not fill correctly when I apply a 1px border around the container div. There's a tiny bit of page background color that bleeds through at the lower rounded corners. Look here:
http://www.kiefferfurniture.com/testcss.html
If I remove the border from the container div and add it to the footer div, then it does render correctly. Look here:
http://www.kiefferfurniture.com/testcss2.html
Applying the border to both causes the border to appear as 2px wide where the divs overlap, and that is no good. How do I get a 1px border around everything so it looks and renders correctly?

I'm not seeing a problem in FF12. But older browsers need proprietary code. Note the syntax difference for Mozilla (whacky).
Also, older IE doesn't support border-radius.
#footer {
background-color: #66A7C5;
margin-top: 0px;
border: 5px solid #284B4D; /**increased border width**/
-webkit-border-bottom-right-radius: 10px;
-webkit-border-bottom-left-radius: 10px;
-moz-border-radius-bottomright: 10px;
-moz-border-radius-bottomleft: 10px;
border-bottom-right-radius: 10px;
border-bottom-left-radius: 10px;
Nancy O.
Alt-Web Design & Publishing
Web | Graphics | Print | Media Specialists
http://alt-web.com/
http://twitter.com/altweb
http://alt-web.blogspot.com/

PPP Mulilink problem

Need Help!
Got problem with ppp multilink. Set up it, but the interface show down, like that in both side:
Serial4:0 unassigned YES manual down down
Serial5:0 unassigned YES manual down down
check lthe phisical line, phisical line is ok.
here are configs of both sides
R1:
controller E1 0/0/0
framing NO-CRC4
clock source internal
channel-group 0 timeslots 1-31
controller E1 0/0/1
framing NO-CRC4
clock source internal
channel-group 0 timeslots 1-31
interface Multilink3
ip address 192.10.10.1 255.255.255.252
ppp multilink
ppp multilink interleave
ppp multilink group 3
interface Serial0/0/0:0
no ip address
encapsulation ppp
ppp multilink
ppp multilink group 3
interface Serial0/0/1:0
no ip address
encapsulation ppp
ppp multilink
ppp multilink group 3
R2:
controller E1 4
framing NO-CRC4
clock source line secondary 4
channel-group 0 timeslots 1-31
controller E1 5
framing NO-CRC4
clock source line secondary 5
channel-group 0 timeslots 1-31
interface Multilink3
ip address 172.28.235.37 255.255.255.252
shutdown
ppp multilink
ppp multilink interleave
ppp multilink group 3
interface Serial4:0
no ip address
encapsulation ppp
ppp multilink
ppp multilink group 3
interface Serial5:0
no ip address
encapsulation ppp
ppp multilink
ppp multilink group 3
What to do?

I would assume the multilink interface on R2 been shut down is the issue
interface Multilink3
ip address 172.28.235.37 255.255.255.252
shutdown <------------------- do a no shut on this interface
ppp multilink
ppp multilink interleave
ppp multilink group 3

Ppp multilink problem

Hi
I am having a problem configuring ip rtp with interleaving on two 1721's prioritizing voice traffic between two ip voice devices over a 128k point to point link. This is my config...
interface Multilink1
ip address 192.168.24.2 255.255.255.0
no cdp enable
ppp multilink
ppp multilink fragment delay 20
ppp multilink interleave
ppp multilink group 1
ip rtp header-compression iphc-format
ip tcp header-compression iphc-format
ip rtp priority 8100 100 40
interface Serial0
bandwidth 128
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation ppp
ppp multilink
no cdp enable
Everytime I add the 'ppp multilink' to the serial, I get the virtual-access interface bouncing up and down with no traffic flowing.
any ideas?

Cannnnnnnnt see much wrong, try adding "ppp multilink group 1" to int S0 config.

WLC 7.6.120.0 Radius problems with FreeRadius server

Hi there
we have 3 WLC 5508 with version 7.6.120.0 and 2 FreeRadius servers. In the WLC log we see a lot of "radius auth-server unavailable" messages and some users can not authenticate against our dot1x (PEAP).
The problems occur most of the time, when there are a lot of WLAN clients trying to connect to the SSID at the same time.
Does anybody have the same problems or are there any known bug for this phenomena?
Thanks in advance and best regards
Anna

Hi Anna
your problems seems to be this bug here: https://tools.cisco.com/bugsearch/bug/CSCuo96366
Symptom:
Clients are not able to Authenticate at Peak loads when using FreeRadius.
Conditions:
Using Freed radius (most susceptible), we observe at high auth rate and if Radius server is not responding to all Radius packets in seq order or if the server is slow, WLC when wraps around 0-255 Radius ID's, it does not do a check when posting new packet.
So essentially you have 2 packets with same ID being presented to AAA server.
Workaround:
Recover's when load is reduced.
Further Problem Description:
So far, issue has not been brought to notice while using ISE/ACS/NPS.
There are two possible solutions I see:
1. Downgrade to an earlier WLC version <7.6 (e.g. 7.4.121.0)
2. Try to have another radius server in between (radius proxy, e.g. Cisco ACS or Microsoft NPS)
Best regards
Dominic

WLC 5508 Release 7.4.100.0 RADIUS PROBLEM

Hi,
Previously I was using 7.0.116.0 and there was no problem on Radius Authentication.
Client uses secure V2
After upgrading 7.4.100.0 Radius Authentication Successfull,
but Secure V2 continuously opens login page
Thanks

(Cisco Controller) >show wlan 2
WLAN Identifier.................................. 2
Profile Name..................................... Eduroam
Network Name (SSID).............................. eduroam
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Number of Active Clients......................... 48
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 1800 seconds
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ eduroam_1
Multicast Interface.............................. Not Configured
--More-- or (q)uit
WLAN ACL......................................... unconfigured
DHCP Server...................................... 10.0.15.1
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
Quality of Service............................... Silver (best effort)
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
   Authentication................................ 193.140.164.5 1812
--More-- or (q)uit
   Accounting.................................... Disabled
   Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security
   802.11 Authentication:........................ Open System
   Static WEP Keys............................... Disabled
   802.1X........................................ Disabled
   Wi-Fi Protected Access (WPA/WPA2)............. Enabled
      WPA (SSN IE)............................... Disabled
      WPA2 (RSN IE).............................. Enabled
         TKIP Cipher............................. Disabled
         AES Cipher.............................. Enabled
                                                               Auth Key Management
         802.1x.................................. Enabled
         PSK..................................... Disabled
         CCKM.................................... Disabled
         FT(802.11r)............................. Disabled
         FT-PSK(802.11r)......................... Disabled
FT Reassociation Timeout......................... 20
FT Over-The-Air mode............................. Enabled
FT Over-The-Ds mode.............................. Enabled
CCKM tsf Tolerance............................... 1000
--More-- or (q)uit
   CKIP ......................................... Disabled
   Web Based Authentication...................... Disabled
   Web-Passthrough............................... Disabled
   Conditional Web Redirect...................... Disabled
   Splash-Page Web Redirect...................... Disabled
   Auto Anchor................................... Disabled
   H-REAP Local Switching........................ Disabled
   H-REAP Local Authentication................... Disabled
   H-REAP Learn IP Address....................... Enabled
   Client MFP.................................... Optional
   Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
Mobility Anchor List
WLAN ID     IP Address            Status

802.1x with ACS 4.2 (RADIUS) problem

HI all!
I am trying to configure AAA authentication and authorization with Cisco 3725 (IOS 12.4(17)) for 802.1x and ACS 4.2 with VLAN assignment to my Windows XP client. (trying to assign VLAN 100 in my scenario).
When user connects to the Router, it passes the authentication process (EAP-MD5). In my debug i see that Router recieves the Radius Attributes BUT does not apply anything!
My running config:
Building configuration...
Current configuration : 1736 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname R4
boot-start-marker
boot-end-marker
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa session-id common
memory-size iomem 5
ip cef
no ip domain lookup
ip domain name lab.local
ip device tracking
dot1x system-auth-control
interface FastEthernet0/0
ip address 10.10.0.253 255.255.255.0
duplex auto
speed auto
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
interface FastEthernet1/0
dot1x port-control auto
interface FastEthernet1/1
interface FastEthernet1/2
interface FastEthernet1/3
interface FastEthernet1/4
interface FastEthernet1/5
interface Vlan1
ip address 192.168.1.1 255.255.255.0
interface Vlan100
ip address 192.168.100.1 255.255.255.0
ip forward-protocol nd
no ip http server
no ip http secure-server
mac-address-table static 0800.27b1.b332 interface FastEthernet1/0 vlan 1
radius-server host 10.10.0.2 auth-port 1645 acct-port 1646 key cisco
radius-server vsa send accounting
radius-server vsa send authentication
My Radius debug information:
*Mar 1 00:21:31.487: RADIUS: Pick NAS IP for u=0x65BAF324 tableid=0 cfg_addr=0.0.0.0
*Mar 1 00:21:31.491: RADIUS: ustruct sharecount=2
*Mar 1 00:21:31.491: Radius: radius_port_info() success=1 radius_nas_port=1
*Mar 1 00:21:31.491: RADIUS: added cisco VSA 2 len 15 "FastEthernet1/0"
*Mar 1 00:21:31.491: RADIUS: Request contains 9 byte EAP-message
*Mar 1 00:21:31.491: RADIUS: Added 9 bytes of EAP data to request
*Mar 1 00:21:31.495: RADIUS/ENCODE: Best Local IP-Address 10.10.0.253 for Radius-Server 10.10.0.2
*Mar 1 00:21:31.507: RADIUS(00000000): Send Access-Request to 10.10.0.2:1645 id 1645/3, len 127
*Mar 1 00:21:31.511: RADIUS: authenticator 36 68 24 30 F0 CC E8 3C - 69 48 61 E3 DA 28 52 AC
*Mar 1 00:21:31.511: RADIUS: NAS-IP-Address      [4]   6   10.10.0.253
*Mar 1 00:21:31.511: RADIUS: NAS-Port            [5]   6   0
*Mar 1 00:21:31.511: RADIUS: Vendor, Cisco       [26] 23
*Mar 1 00:21:31.515: RADIUS:   cisco-nas-port     [2]   17 "FastEthernet1/0"
*Mar 1 00:21:31.515: RADIUS: NAS-Port-Type       [61] 6   X75                       [9]
*Mar 1 00:21:31.515: RADIUS: User-Name           [1]   6   "user"
*Mar 1 00:21:31.515: RADIUS: Calling-Station-Id [31] 19 "08-00-27-B1-B3-32"
*Mar 1 00:21:31.515: RADIUS: Service-Type        [6]   6   Framed                    [2]
*Mar 1 00:21:31.515: RADIUS: Framed-MTU          [12] 6   1500
*Mar 1 00:21:31.515: RADIUS: EAP-Message         [79] 11
*Mar 1 00:21:31.515: RADIUS:   02 1D 00 09 01 75 73 65 72                       [?????user]
*Mar 1 00:21:31.515: RADIUS: Message-Authenticato[80] 18
*Mar 1 00:21:31.515: RADIUS:   B1 8B 8F 4C F1 6D C9 A6 4E 96 B8 3D 53 E9 41 12 [???L?m??N??=S?A?]
*Mar 1 00:21:31.555: RADIUS: Received from id 1645/3 10.10.0.2:1645, Access-Challenge, len 93
*Mar 1 00:21:31.555: RADIUS: authenticator DF 38 A1 1B ED 3C 1E B2 - 1A 92 6A D5 58 CE B8 4A
*Mar 1 00:21:31.555: RADIUS: EAP-Message         [79] 28
*Mar 1 00:21:31.555: RADIUS:   01 1E 00 1A 04 10 BE BA B4 B0 26 9D 52 0E 43 BC [??????????&?R?C?]
*Mar 1 00:21:31.555: RADIUS:   33 46 8E A8 C6 45 47 4E 53 33                    [3F???EGNS3]
*Mar 1 00:21:31.555: RADIUS: State               [24] 27
*Mar 1 00:21:31.555: RADIUS:   45 41 50 3D 30 2E 31 66 66 2E 39 38 36 2E 31 3B [EAP=0.1ff.986.1;]
*Mar 1 00:21:31.559: RADIUS:   53 56 43 3D 30 2E 31 35 3B                       [SVC=0.15;]
*Mar 1 00:21:31.559: RADIUS: Message-Authenticato[80] 18
*Mar 1 00:21:31.559: RADIUS:   22 C8 D5 BB 44 FC FC 14 D3 2C C9 42 A3 9B A4 9E ["???D????,?B????]
*Mar 1 00:21:31.563: RADIUS: Found 26 bytes of EAP data in reply (ofs 0)
*Mar 1 00:21:31.563: RADIUS: Received 26 byte EAP Message in reply
*Mar 1 00:21:31.587: RADIUS: Pick NAS IP for u=0x65BAF324 tableid=0 cfg_addr=0.0.0.0
*Mar 1 00:21:31.587: RADIUS: ustruct sharecount=1
*Mar 1 00:21:31.587: Radius: radius_port_info() success=1 radius_nas_port=1
*Mar 1 00:21:31.587: RADIUS: added cisco VSA 2 len 15 "FastEthernet1/0"
*Mar 1 00:21:31.591: RADIUS: Request contains 26 byte EAP-message
*Mar 1 00:21:31.591: RADIUS: Added 26 bytes of EAP data to request
*Mar 1 00:21:31.591: RADIUS/ENCODE: Best Local IP-Address 10.10.0.253 for Radius-Server 10.10.0.2
*Mar 1 00:21:31.591: RADIUS(00000000): Send Access-Request to 10.10.0.2:1645 id 1645/4, len 171
*Mar 1 00:21:31.591: RADIUS: authenticator 0A A2 1F 7C 12 A8 AB F7 - 9F 87 C6 51 A4 0D EA A2
*Mar 1 00:21:31.595: RADIUS: NAS-IP-Address      [4]   6   10.10.0.253
*Mar 1 00:21:31.595: RADIUS: NAS-Port            [5]   6   0
*Mar 1 00:21:31.595: RADIUS: Vendor, Cisco       [26] 23
*Mar 1 00:21:31.595: RADIUS:   cisco-nas-port     [2]   17 "FastEthernet1/0"
*Mar 1 00:21:31.595: RADIUS: NAS-Port-Type       [61] 6   X75                       [9]
*Mar 1 00:21:31.595: RADIUS: User-Name           [1]   6   "user"
*Mar 1 00:21:31.595: RADIUS: Calling-Station-Id [31] 19 "08-00-27-B1-B3-32"
*Mar 1 00:21:31.595: RADIUS: Service-Type        [6]   6   Framed                    [2]
*Mar 1 00:21:31.595: RADIUS: Framed-MTU          [12] 6   1500
*Mar 1 00:21:31.595: RADIUS: State               [24] 27
*Mar 1 00:21:31.595: RADIUS:   45 41 50 3D 30 2E 31 66 66 2E 39 38 36 2E 31 3B [EAP=0.1ff.986.1;]
*Mar 1 00:21:31.595: RADIUS:   53 56 43 3D 30 2E 31 35 3B                       [SVC=0.15;]
*Mar 1 00:21:31.595: RADIUS: EAP-Message         [79] 28
*Mar 1 00:21:31.595: RADIUS:   02 1E 00 1A 04 10 AA 09 8E 39 DE 29 E4 CC C6 BC [?????????9?)????]
*Mar 1 00:21:31.595: RADIUS:   7F 01 C8 47 EC 74 75 73 65 72                    [???G?tuser]
*Mar 1 00:21:31.595: RADIUS: Message-Authenticato[80] 18
*Mar 1 00:21:31.595: RADIUS:   33 57 82 E2 5C 24 A2 8C 67 CC 0D 8C 25 12 74 13 [3W??\$??g?????t?]
*Mar 1 00:21:31.731: RADIUS: Received from id 1645/4 10.10.0.2:1645, Access-Accept, len 90
*Mar 1 00:21:31.731: RADIUS: authenticator A0 0E DF D7 87 FD 9E B6 - BB 64 04 4F 56 2A 03 89
*Mar 1 00:21:31.735: RADIUS: Framed-IP-Address   [8]   6   255.255.255.255
*Mar 1 00:21:31.735: RADIUS: EAP-Message         [79] 6
*Mar 1 00:21:31.735: RADIUS:   03 1E 00 04                                      [????]
*Mar 1 00:21:31.735: RADIUS: Tunnel-Type         [64] 6   01:VLAN                   [13]
*Mar 1 00:21:31.739: RADIUS: Tunnel-Medium-Type [65] 6   01:ALL_802                [6]
*Mar 1 00:21:31.739: RADIUS: Tunnel-Private-Group[81] 6   01:"100"
*Mar 1 00:21:31.739: RADIUS: Class               [25] 22
*Mar 1 00:21:31.739: RADIUS:   43 41 43 53 3A 30 2F 35 62 31 2F 61 30 61 30 30 [CACS:0/5b1/a0a00]
*Mar 1 00:21:31.739: RADIUS:   66 64 2F 30                                      [fd/0]
*Mar 1 00:21:31.739: RADIUS: Message-Authenticato[80] 18
*Mar 1 00:21:31.739: RADIUS:   75 BC F2 E0 91 07 6C 12 4D 5C BB 50 A4 FD D3 26 [u?????l?M\?P???&]
*Mar 1 00:21:31.739: RADIUS: Found 4 bytes of EAP data in reply (ofs 0)
*Mar 1 00:21:31.739: RADIUS: Received 4 byte EAP Message in reply
As a result the vlan-switch data based does not change.
Any help will be appreciated!
Thanks a lot,
Chelovekov Alexander

I've tried multiple ways to cope with this problem but nothing was helpfull...
Tunnel-Medium-Type [65] 6   01:ALL_802
I use only ACS Radius attributes and chose ony what ACS allows me to choose (Tunnel-medium-type: 802).
Screenshot n attachment.
The same situation occurs when i try to use some Vendor Specific Attributes (Cisco-AV-Pair) - downloadable ACEs to my user, and again, i see Radius attributes in my debug but nothing is applied to my L3 Switch.
What am i missing?

Brush's radius problem Please help!

Hello everyone.
I am about to edit a photo which is RGB 8bit and I am expanding the background and putting few body figure toghetehr but I just noticed that when I use my brush in low opacity it leaves the brush's radius and I can see them in the art. see the below
It makes me so confuse and I need you suggestion how can I fix this problem.
I am using CS6 photoshop and working in PSD and save them in PSD as well. the wired thing is when I save the image in JPG and use the brush it deosnt leave that much of weird spots. Do I need to change the Color mod? Brush? Please help this thing gets more annoying when I save it in PDF.
Thanks!!

You just picked a bad day to be testing it, though it's better that you did... What day is Saturday numerically? What is that +1.
You should be able to just change your logic to check what today is (0 thru 6) and then if today is Saturday (6)... you assign Sunday as the answer in your switch...
var weekDay=currentDate.getDay();
switch (weekDay){
case(0):weekDay_string="Monday"; break;
case(1):weekDay_string="Tuesday"; break;
case(2):weekDay_string="Wednesday"; break;
case(3):weekDay_string="Thursday "; break;
case(4):weekDay_string="Friday"; break;
case(5):weekDay_string="Saturday "; break;
case(6):weekDay_string="Sunday"; break;}

Radius problems/ichain

we have Nw6.5 SP2 with radius files from ichain 2.3 CD(overwrite all)
with the nmas patch
nmas V2.6.8
radius v4.15
problems:
1.were getting radius client unknown (radius nlm does load but wont
unload, just hangs)
2. i can only get nwadmin to save the client details in the DAS object
C1 just wont save it- ive tried V136c,136,135 and the server version
which errors with
"waiting for reading vendor list from attribute file" however the
radius.atr file does exist
3. not sure if this is relevant here but vasco token wont assign to a user
errors with "unable to write configuration data"
thanks for help

well for no reason at all it started working with C1 locally 2 days later !
weird
Also if I assign a DAS object to a container and all users underneath are
told to inherit the DAS from the container settings
then I wont have to configure each user object ? This doesnt sem to inherit
for some reason.
Is the Radus.nlm form the ichain 2.3 auth CD good enough for a NW6.5 SP2
server or is
there an update
Thanks?
"Scott Kiester" <[email protected]> wrote in message
news:bYq%[email protected]...
> Your first and third items could be due to an inconsistent or missing tree
> key. You can use SDIDIAG to troubleshoot and correct tree key issues.
> SDIDIAG is available as a free download from the support site.
>
> Your second issue is due to a bug in the RADIUS ConsoleOne snapin. The
> problem should go away if you run ConsoleOne from your local workstation,
> instead of running it from a drive mapped to the server. The snapin uses a
> very inefficient method of parsing the radius.atr file, which requires it
to
> do several seeks for each record that is processed. When ConsoleOne has to
> go over the network to access the file, it can take a very long time to
> parse (10-15 minutes in my experience).
>
> Also, don't administer NMAS RADIUS with NWAdmin. NWAdmin is for BMAS 3.7
and
> older BMAS servers only. (BMAS 3.8 is NMAS RADIUS, and therefore uses
> ConsoleOne.)
>
> >>> <[email protected]> 09/07/04 7:12 AM >>>
> we have Nw6.5 SP2 with radius files from ichain 2.3 CD(overwrite all)
> with the nmas patch
> nmas V2.6.8
> radius v4.15
>
> problems:
> 1.were getting radius client unknown (radius nlm does load but wont
> unload, just hangs)
> 2. i can only get nwadmin to save the client details in the DAS object
> C1 just wont save it- ive tried V136c,136,135 and the server version
> which errors with
> "waiting for reading vendor list from attribute file" however the
> radius.atr file does exist
> 3. not sure if this is relevant here but vasco token wont assign to a user
> errors with "unable to write configuration data"
>
> thanks for help
>
>

Router Radius Problem

I am having a problem with setting up a 2600 router to use our radius server. I have a switch working on the same radius server however the router will not work. I am able to login locally, however it doesn't ever authenticate with the radius server. Please let me know how to fix this problem, thank you for your help.
aaa new-model
aaa authentication login admin group radius local
aaa authorization exec both local
aaa session-id common
radius-server host 10.0.x.xx auth-port 1645 acct-port 1646 key *****
line vty 0 4
password 7 *******
login authentication admin
transport input telnet

Peter
There are several ways to approach this problem. I would suggest first checking to see if the server is seeing the authentication request. Can you look in the logs of the server and determine whether the authentication request is received? If it is received is it authenticated successfully or is it denied?
There are several common problems which may produce symptoms similar to what you describe. - there is a possibility that the router is not configured with the correct address for the server.
- there is a possibility that something along the way (and access list or a firewall) is not permitting the packet to get to the server.
- there is a possibility that the server sees the request but that the source ip address of the request is not the source address that the server expects.
- there is a possibility that the server sees the request but that there is a mismatch in the key value which is shared by the server and the router.
so please check on the things that I have asked. If they do not produce the solution we will figure some way to troubleshoot this.
HTH
Rick

RV220W - VPN PPP & RDP problem

Hello!
This is my first post here, so welcome!
I have purchased RV220W router and implemented into the existing netowork. Everything seems to work fine except logging into rdp desktops of wxp's on the local network in the office.
I'm not using router's VPN capabilities. I have made a connection through one of the WXP's VPN locally in the office. I login with password as PPP connection. Everything works fine, but I can only connect through RDP to the machine that is making the connection by "VPN IP". I cannot login to any IP that is local in the office. I can not ping either.
We are using also Macs and the same problem is when connecting with ScreenSharing and pinging.
It is definitely something to be set on the router.
If you have any idea, I would apprecite your help!

Hi again!
After reading similar post I found a "solution".
I have manually put actual RV220W IP as router ip (except of the ip of the XP that is making the vpn connection) on the computer I'm connected to VPN and now it's working fine.
Anyway, thanks for approving this thread.
Cheers,
Adam

Wpa peap radius problem

Hi,
i try to setup wpa with peap user auth with a 1130 AP and cisco secure acs 4.2 server.
auth keeps failing and I even don't see failes attempts in my acs server. The AP is in the AAA section of the ACS and the have the same shared secret.
The ACS server is working corectly because I use it the authenticate users to log in the the routers
I enabled all possible authentication methods but no luck.
I use the windows xp suplicant and even tried with funk software.
in the dot11 authenticator debug i can't see any radius lines see attached file
can anybody help me out ?

Is this Aironet or LWAPP?
In aironet, there is a way to test authentication via the access points..."test aaa radius " or something like that...sorry I forget since I converted to LWAPP..
Also, make sure the DB (LDAP/AD,etc..) is configured and mapped correctly in ACS but you should see something like "NAS errors" or DB errors in ACS if the access points were somewhat communicating with ACS..
Post the configs if you can...

3G config problem

HI guys:
i have config the Cisco 881GC-W with PCEX-3G-HSPA card
i have not create the 3G connect to internet
here is debug :
debug ppp chat
debug ppp negotiation
3G_Test#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
*Aug 19 08:43:01.659: CHAT3: Attempting async line dialer script
*Aug 19 08:43:01.659: CHAT3: Dialing using Modem script: gsm & System script: none
*Aug 19 08:43:01.659: CHAT3: process started
*Aug 19 08:43:01.659: CHAT3: Asserting DTR
*Aug 19 08:43:01.663: CHAT3: Chat script gsm started
*Aug 19 08:43:01.663: CHAT3: Sending string: ATDT#777
*Aug 19 08:43:01.663: CHAT3: Chat script gsm finished, status = Success.
*Aug 19 08:43:04.731: %LINK-3-UPDOWN: Interface Cellular0, changed state to up.
Success rate is 0 percent (0/5)
3G_Test#
*Aug 19 08:43:04.731: Ce0 PPP: Using dialer call direction
*Aug 19 08:43:04.731: Ce0 PPP: Treating connection as a callout
*Aug 19 08:43:04.731: Ce0 PPP: Session handle[27000040] Session id[22]
*Aug 19 08:43:04.731: Ce0 PPP: Phase is ESTABLISHING, Active Open
*Aug 19 08:43:04.731: Ce0 PPP: Authorization required
*Aug 19 08:43:04.731: Ce0 PPP: No remote authentication for call-out
*Aug 19 08:43:04.731: Ce0 LCP: O CONFREQ [Closed] id 211 len 20
*Aug 19 08:43:04.731: Ce0 LCP:    ACCM 0x000A0000 (0x0206000A0000)
*Aug 19 08:43:04.731: Ce0 LCP:    MagicNumber 0x2710E450 (0x05062710E450)
*Aug 19 08:43:04.731: Ce0 LCP:    PFC (0x0702)
*Aug 19 08:43:04.731: Ce0 LCP:    ACFC (0x0802)
*Aug 19 08:43:06.715: Ce0 LCP: Timeout: State REQsent
*Aug 19 08:43:06.715: Ce0 LCP: O CONFREQ [REQsent] id 212 len 20
*Aug 19 08:43:06.715: Ce0 LCP:    ACCM 0x000A0000 (0x0206000A0000)
*Aug 19 08:43:06.715: Ce0 LCP:    MagicNumber 0x2710E450 (0x05062710E450)
*Aug 19 08:43:06.715: Ce0 LCP:    PFC (0x0702)
*Aug 19 08:43:06.715: Ce0 LCP:    ACFC (0x0802)
*Aug 19 08:43:08.731: Ce0 LCP: Timeout: State REQsent
*Aug 19 08:43:08.731: Ce0 LCP: O CONFREQ [REQsent] id 213 len 20
*Aug 19 08:43:08.731: Ce0 LCP:    ACCM 0x000A0000 (0x0206000A0000)
*Aug 19 08:43:08.731: Ce0 LCP:    MagicNumber 0x2710E450 (0x05062710E450)
*Aug 19 08:43:08.731: Ce0 LCP:    PFC (0x0702)
*Aug 19 08:43:08.731: Ce0 LCP:    ACFC (0x0802)
*Aug 19 08:43:10.747: Ce0 LCP: Timeout: State REQsent
*Aug 19 08:43:10.747: Ce0 LCP: O CONFREQ [REQsent] id 214 len 20
*Aug 19 08:43:10.747: Ce0 LCP:    ACCM 0x000A0000 (0x0206000A0000)
*Aug 19 08:43:10.747: Ce0 LCP:    MagicNumber 0x2710E450 (0x05062710E450)
*Aug 19 08:43:10.747: Ce0 LCP:    PFC (0x0702)
*Aug 19 08:43:10.747: Ce0 LCP:    ACFC (0x0802)
*Aug 19 08:43:12.763: Ce0 LCP: Timeout: State REQsent
*Aug 19 08:43:12.763: Ce0 LCP: O CONFREQ [REQsent] id 215 len 20
*Aug 19 08:43:12.763: Ce0 LCP:    ACCM 0x000A0000 (0x0206000A0000)
*Aug 19 08:43:12.763: Ce0 LCP:    MagicNumber 0x2710E450 (0x05062710E450)
*Aug 19 08:43:12.763: Ce0 LCP:    PFC (0x0702)
*Aug 19 08:43:12.763: Ce0 LCP:    ACFC (0x0802)
*Aug 19 08:43:14.779: Ce0 LCP: Timeout: State REQsent
*Aug 19 08:43:14.779: Ce0 LCP: O CONFREQ [REQsent] id 216 len 20
*Aug 19 08:43:14.779: Ce0 LCP:    ACCM 0x000A0000 (0x0206000A0000)
*Aug 19 08:43:14.779: Ce0 LCP:    MagicNumber 0x2710E450 (0x05062710E450)
*Aug 19 08:43:14.779: Ce0 LCP:    PFC (0x0702)
*Aug 19 08:43:14.779: Ce0 LCP:    ACFC (0x0802)
*Aug 19 08:43:16.795: Ce0 LCP: Timeout: State REQsent
*Aug 19 08:43:16.795: Ce0 LCP: O CONFREQ [REQsent] id 217 len 20
*Aug 19 08:43:16.795: Ce0 LCP:    ACCM 0x000A0000 (0x0206000A0000)
*Aug 19 08:43:16.795: Ce0 LCP:    MagicNumber 0x2710E450 (0x05062710E450)
*Aug 19 08:43:16.795: Ce0 LCP:    PFC (0x0702)
*Aug 19 08:43:16.795: Ce0 LCP:    ACFC (0x0802)
*Aug 19 08:43:18.811: Ce0 LCP: Timeout: State REQsent
*Aug 19 08:43:18.811: Ce0 LCP: O CONFREQ [REQsent] id 218 len 20
*Aug 19 08:43:18.811: Ce0 LCP:    ACCM 0x000A0000 (0x0206000A0000)
*Aug 19 08:43:18.811: Ce0 LCP:    MagicNumber 0x2710E450 (0x05062710E450)
*Aug 19 08:43:18.811: Ce0 LCP:    PFC (0x0702)
*Aug 19 08:43:18.811: Ce0 LCP:    ACFC (0x0802)
*Aug 19 08:43:20.827: Ce0 LCP: Timeout: State REQsent
*Aug 19 08:43:20.827: Ce0 LCP: O CONFREQ [REQsent] id 219 len 20
*Aug 19 08:43:20.827: Ce0 LCP:    ACCM 0x000A0000 (0x0206000A0000)
*Aug 19 08:43:20.827: Ce0 LCP:    MagicNumber 0x2710E450 (0x05062710E450)
*Aug 19 08:43:20.827: Ce0 LCP:    PFC (0x0702)
*Aug 19 08:43:20.827: Ce0 LCP:    ACFC (0x0802)
*Aug 19 08:43:22.843: Ce0 LCP: Timeout: State REQsent
*Aug 19 08:43:22.843: Ce0 LCP: O CONFREQ [REQsent] id 220 len 20
*Aug 19 08:43:22.843: Ce0 LCP:    ACCM 0x000A0000 (0x0206000A0000)
*Aug 19 08:43:22.843: Ce0 LCP:    MagicNumber 0x2710E450 (0x05062710E450)
*Aug 19 08:43:22.843: Ce0 LCP:    PFC (0x0702)
*Aug 19 08:43:22.843: Ce0 LCP:    ACFC (0x0802)
*Aug 19 08:43:24.859: Ce0 LCP: Timeout: State REQsent
*Aug 19 08:43:24.859: Ce0 PPP: Sending Acct Event[Down] id[1A]
*Aug 19 08:43:24.859: Ce0 LCP: State is Closed
*Aug 19 08:43:24.859: Ce0 PPP: Phase is DOWN
*Aug 19 08:43:24.859: Ce0 LCP: State is Listen
*Aug 19 08:43:26.859: %LINK-5-CHANGED: Interface Cellular0, changed state to reset
*Aug 19 08:43:26.859: Ce0 LCP: State is Closed
*Aug 19 08:43:31.931: %LINK-3-UPDOWN: Interface Cellular0, changed state to down
3G_Test#
3G_Test#
it may be a ppp link problem,because Chat script gsm finished, status = Success,but i dont't understand why cell 0 didn't UP
here is my config:
chat-script gsm "" "ATDT#777"
interface Cellular0
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer in-band
dialer string gsm
dialer-group 1
async mode interactive
ppp chap hostname card
ppp chap password 0 card
ppp ipcp dns request
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Cellular0
ip http server
ip http secure-server
ip nat inside source list 1 interface Cellular0 overload
access-list 1 permit any
dialer-list 1 protocol ip list 1
control-plane
line con 0
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
line 3
script dialer gsm
no exec
line vty 0 4
login
anyone can help me ?thanks!

Hi,
I have not an solution but rather a similar problem with that kind of hardware (881GW with PCEX-3G-HSPA). I have a working config for only *one* successful 3G dial-in: after losing the established 3G connection (e.g. forcing a "clear int dial 1"), the router can not re-establish the 3G connection until I reboot the device. It seems that the communication between IOS and the modem is some kind of damaged:
Config:
=====
chat-script GSM "" AT OK "ATDT*99*1#"
interface Cellular0
no ip address
ip virtual-reassembly in
encapsulation ppp
dialer in-band
dialer pool-member 1
async mode interactive
no ppp lcp fast-start
interface Dialer1
ip address negotiated
encapsulation ppp
dialer pool 1
dialer idle-timeout 0
dialer string GSM
dialer-group 1
no ppp lcp fast-start
ppp chap refuse
ppp pap sent-username USER password TEST
ip route 0.0.0.0 0.0.0.0 Dialer1
dialer-list 1 protocol ip permit
line 3
exec-timeout 0 0
script dialer GSM
modem InOut
no exec
1st login - successful:
================
*Nov 10 16:28:40.955: Ce0 DDR: rotor dialout [best] least recent failure is also most recent failure
*Nov 10 16:28:40.955: Ce0 DDR: rotor dialout [best] trying untried dialout
*Nov 10 16:28:40.955: Ce0 DDR: rotor dialout [best] also has most recent failure
*Nov 10 16:28:40.955: Ce0 DDR: rotor dialout [best]
*Nov 10 16:28:40.955: Ce0 DDR: Dialing cause ip (s=10.98.3.10, d=17.72.255.12)
*Nov 10 16:28:40.955: Ce0 DDR: Attempting to dial GSM
*Nov 10 16:28:40.955: CHAT3: Attempting async line dialer script
*Nov 10 16:28:40.955: CHAT3: Dialing using Modem script: GSM & System script: none
*Nov 10 16:28:40.955: CHAT3: process started
*Nov 10 16:28:40.955: CHAT3: Asserting DTR
*Nov 10 16:28:40.959: CHAT3: Chat script GSM started
*Nov 10 16:28:40.959: CHAT3: Sending string: AT
*Nov 10 16:28:40.959: CHAT3: Expecting string: OK
*Nov 10 16:28:40.963: CHAT3: Completed match for expect: OK
*Nov 10 16:28:40.963: CHAT3: Sending string: ATDT*99*1#
*Nov 10 16:28:40.963: CHAT3: Chat script GSM finished, status = Success
*Nov 10 16:28:42.039: TTY3: no timer type 1 to destroy
*Nov 10 16:28:42.039: TTY3: no timer type 0 to destroy
*Nov 10 16:28:42.039: TTY3: no timer type 2 to destroy
*Nov 10 16:28:44.039: %LINK-3-UPDOWN: Interface Cellular0, changed state to up
*Nov 10 16:28:44.039: Ce0 DDR: Dialer statechange to up
*Nov 10 16:28:44.039: %DIALER-6-BIND: Interface Ce0 bound to profile Di1
*Nov 10 16:28:44.039: Ce0 DDR: Dialer call has been placed
*Nov 10 16:28:44.039: Ce0 PPP: Sending cstate UP notification
*Nov 10 16:28:44.039: Ce0 PPP: Processing CstateUp message
*Nov 10 16:28:44.067: PPP: Alloc Context [84DAA350]
*Nov 10 16:28:44.067: ppp1 PPP: Phase is ESTABLISHING
*Nov 10 16:28:44.067: ppp1 PPP: Using AAA Unique Id = D
*Nov 10 16:28:44.067: Ce0 PPP: Authorization required
*Nov 10 16:28:44.067: Ce0 PPP: Using dialer call direction
*Nov 10 16:28:44.067: Ce0 PPP: Treating connection as a callout
*Nov 10 16:28:44.067: Ce0 PPP: Session handle[FE000001] Session id[1]
*Nov 10 16:28:44.067: Ce0 LCP: Event[OPEN] State[Initial to Starting]
*Nov 10 16:28:44.071: Ce0 PPP: No remote authentication for call-out
*Nov 10 16:28:44.071: Ce0 LCP: O CONFREQ [Starting] id 1 len 20
*Nov 10 16:28:44.071: Ce0 LCP:    ACCM 0x000A0000 (0x0206000A0000)
*Nov 10 16:28:44.071: Ce0 LCP:    MagicNumber 0x4C781BD5 (0x05064C781BD5)
*Nov 10 16:28:44.071: Ce0 LCP:    PFC (0x0702)
*Nov 10 16:28:44.071: Ce0 LCP:    ACFC (0x0802)
*Nov 10 16:28:44.071: Ce0 LCP: Event[UP] State[Starting to REQsent]
*Nov 10 16:28:44.079: Ce0 LCP: I CONFACK [REQsent] id 1 len 20
*Nov 10 16:28:44.079: Ce0 LCP:    ACCM 0x000A0000 (0x0206000A0000)
*Nov 10 16:28:44.079: Ce0 LCP:    MagicNumber 0x4C781BD5 (0x05064C781BD5)
*Nov 10 16:28:44.079: Ce0 LCP:    PFC (0x0702)
*Nov 10 16:28:44.079: Ce0 LCP:    ACFC (0x0802)
*Nov 10 16:28:47.971: Ce0 IPCP: O CONFREQ [ACKsent] id 4 len 10
*Nov 10 16:28:47.971: Ce0 IPCP:    Address 10.99.17.58 (0x03060A63113A)
*Nov 10 16:28:47.971: Ce0 IPCP: Event[Receive ConfNak/Rej] State[ACKsent to ACKsent]
*Nov 10 16:28:48.027: Ce0 IPCP: I CONFACK [ACKsent] id 4 len 10
*Nov 10 16:28:48.027: Ce0 IPCP:    Address 10.99.17.58 (0x03060A63113A)
*Nov 10 16:28:48.027: Ce0 IPCP: Event[Receive ConfAck] State[ACKsent to Open]
*Nov 10 16:28:48.027: Ce0 IPCP: State is Open
*Nov 10 16:28:48.027: Di1 IPCP: Install negotiated IP interface address 10.99.17.58
*Nov 10 16:28:48.031: Ce0 DDR: dialer protocol up1#
--> Now I do a "clear int dial 1":
2nd and all further logins - failure:
========================
*Nov 10 17:37:53.467: Ce0 DDR: rotor dialout [best] least recent failure is also most recent failure
*Nov 10 17:37:53.467: Ce0 DDR: rotor dialout [best] also has most recent failure
*Nov 10 17:37:53.467: Ce0 DDR: rotor dialout [best]
*Nov 10 17:37:53.467: Ce0 DDR: Dialing cause ip (s=10.98.3.10, d=10.99.16.254)
*Nov 10 17:37:53.467: Ce0 DDR: Attempting to dial GSM
*Nov 10 17:37:53.467: CHAT3: Attempting async line dialer script
*Nov 10 17:37:53.467: CHAT3: Dialing using Modem script: GSM & System script: none
*Nov 10 17:37:53.471: CHAT3: process started
*Nov 10 17:37:53.471: CHAT3: Asserting DTR
*Nov 10 17:37:53.471: CHAT3: Chat script GSM started
*Nov 10 17:37:53.475: CHAT3: Sending string: AT
*Nov 10 17:37:53.475: CHAT3: Expecting string: OK
*Nov 10 17:37:58.475: CHAT3: Timeout expecting: OK
*Nov 10 17:37:58.475: CHAT3: Chat script GSM finished, status = Connection timed out; remote host not responding
*Nov 10 17:37:58.475: TTY3: Line reset by "Async dialer"
*Nov 10 17:37:58.475: Ce0 DDR: disconnecting call
*Nov 10 17:37:58.475: TTY3: dropping DTR
*Nov 10 17:37:59.475: TTY3: asserting DTR
*Nov 10 17:37:59.475: TTY3: Modem: (unknown)->READY
Maybe somone has some clue how this can happen?
Gerald

Cisco AAA authentication with windows radius server

Cisco - Windows Radius problems
I need to created a limited access group through radius that I can have new network analysts log into
and not be able to commit changes or get into global config.
Here are my current radius settings
aaa new-model
aaa group server radius IAS
server name something.corp
aaa authentication login USERS local group IAS
aaa authorization exec USERS local group IAS
radius server something.corp
address ipv4 1.1.1.1 auth-port 1812 acct-port 1813
key mypassword
line vty 0 4
access-class 1 in
exec-timeout 0 0
authorization exec USERS
logging synchronous
login authentication USERS
transport input ssh
When I log in to the switch, the radius server is passing the corrrect attriubute
***Jan 21 13:59:51.897: RADIUS:   Cisco AVpair       [1]   18 "shell:priv-lvl=7"
The switch is accepting it and putting you in the correct priv level.
***Radius-Test#sh priv
   Current privilege level is 7
I am not sure why it logs you in with the prompt for privileged EXEC mode when
you are in priv level 7. This shows that even though it looks like your in priv exec
mode, you are not.
***Radius-Test#sh run
                ^
   % Invalid input detected at '^' marker.
   Radius-Test#
Now this is where I am very lost.
I am in priv level 7, but as soon as I use the enable command It moves me up to 15, and that gives me access to
global config mode.
***Radius-Test#enable
   Radius-Test#
Debug log -
Jan 21 14:06:28.689: AAA/MEMORY: free_user (0x2B46E268) user='reynni10'
ruser='NULL' port='tty390' rem_addr='10.100.158.83' authen_type=ASCII service=ENABLE priv=15 vrf= (id=0)
Now it doesnt matter that I was given priv level 7 by radius because 'enable' put me into priv 15
***Radius-Test#sh priv
   Current privilege level is 15
   Radius-Test#
I have tried to set
***privilege exec level 15 enable
It works and I am no longer able to use 'enable' when I am at prv level 7, but I also cannot get the commands they will need to work.
Even if I try to do
***privilege exec level 7 show running-config (or other variations)
It will allow you to type sh run without errors, but it doest actually run the command.
What am I doing wrong?
I also want to get PKI working with radius.

I can run a test on my radius system, will report back accordingly, as it's a different server than where I am currently located.
Troubleshooting, have you deleted the certificate/network profile on the devices and started from scratch?

Pin radius vicinity issues

Hi,
This problem below got caught up on another thread with a different problem, thought best to start a new thread for it.
My particular problem here comes from user manipulation via Manage Your Places of the radius of pins. It is slow, it is jerky and it is buggy and what it did some weeks back was jump on one particular pin and expand it to cover the entire world which basically overwrote every other location I had set. Why it would overwrite these without the user changing the settings for said pictures themselves is absolute stupidity, but I digress.
Rebuilding libraries etc. is not going to retract the radius of that circle I am assuming and restore all of the original locations I had. Anyway, I took a deep breath and decided to approach places a little differently and have a lot less specific places. Before I might have had 15 photo locations for a town, now the pics will come under just the town name.
So I have been going through renaming one of the fifteen pins (just from this one town as an example) as the town name, expanding it to cover the area the 15 covered then I delete off the other 14 as places. Time consuming and laborious but I see an eventual sensible outcome from it and in theory quicker to rename all my lost places.
The problem is that the radius issue keeps happening, half a dozen times in the past 3 or 4 days alone and this meant that roughly 2500 pics I had relabelled were once again overwritten with the location of the pin with the expanded radius. And I'm back to square one.
So is there any workaround for this particular Places problem?
Thanks,
C.

@Craig,
I am not sure to what extent less specific places "solves" the problem, which seems to be the radius that a pin receives when placed on the map for the first time. It seems to be a value determined by Google, is not displayed in the teeny-weeny Assign a Place... dialog, and cannot be modified until it has or has not overlapped other custom places. So, while the probability of overlap might be somewhat reduced by less specific places, the inconvenience it causes is increased. I have noticed that Google defines a region named "Aletschgletscher" or "Jungfrau Aletsch" (working from memory here), which has a rather large radius due to the very irregular shape of the glacier, and that pins defined for towns in the Obergoms region, e.g., Blitzingen, Niederwald, Oberwald, Ulrichen, etc., often assumed the very large radius of the Aletsch Glacier. Besides, I'm wondering why on earth I should have to modify my use of this feature to accommodate Apple's stupid implementation of it. Nobody in Apple should even consider making the argument that this is how it should work. The legions of problems it causes is well documented in these forums, although, as we all know, Apple "isn't monitoring" them and hence, presumably, is quite unaware of them. And iPhoto 09 implemented Places completely differently -- the interface didn't have the eye-candy and "just magical" appeal of the present one, but it didn't cause the problems we're experiencing with Places in iPhoto 11.
My "solution" to the pin radius problem is:
Enter a character string in "Assign a Place..." and see what iPhoto suggests.
If you are tempted to select a suggestion that is a custom place of yours, do so only if you don't intend to modify its location or name. Doing so will have the same effect as modifying it in Manage My Places!
If you select a place suggested by Google, try to locate it sufficiently far away from other custom places (iPhoto no help here), and give it a name that you can easily recognize and distinguish from Google's suggestions in the future (cf. warning above).
Go directly to Manage My Places, find the new place, judge which existing places it overlaps, and note them down somewhere for the next step. Then reduce its radius and adjust its location.
Go into the Places view and select the new place. In all probability there will be photos at that place that don't belong there. Assign them to the correct place from the list you made in the step above.
Weep and gnash teeth as necessary. Regularly chant: "On a Mac it just works!" Keep stiff upper lip and imagine how much clumsier this must be in Windows.
Regards,
Richard

Ppp radius problem

Similar Messages

Maybe you are looking for