Pptp + vpdn-group from radius

Hi there,
i'm trying to setup cisco router to act like pptp concentrator.On this router, i think to terminate two kind of pptp connections:
- to core
- to colleagues
For this reason, i need to setup two vpdn-groups because , i need different local-ip addres for my CORE devices and other for the vpn clients (colleagues). My configuration is attached bellow
[snipped from running-config]
aaa new-model
aaa authentication ppp default group radius
aaa authorization network default group radius if-authenticated
vpdn enable
vpdn authen-before-forward
vpdn tunnel authorization network default
vpdn-group clients
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
session-limit 50
local name VPN-Router
vpdn-group core
accept-dialin
protocol pptp
virtual-template 2
session-limit 5
local name border
interface Virtual-Template1
description PPTP Clients interface
ip address 192.168.25.100 255.255.255.0
ip mtu 1460
compress lzs
ppp encrypt mppe auto
ppp authentication chap ms-chap ms-chap-v2
interface Virtual-Template2
ip address 10.0.0.1 255.255.255.240
description Core devices
ip mtu 1460
load-interval 30
compress mppc
ppp encrypt mppe auto
ppp authentication ms-chap ms-chap-v2
[/snip]
To differing who is vpn client and which pptp needs to be considered as core link, i'm trying to setup Cisco AVPairs with radius like that:
border#test aaa group radius username password legacy
Attempting authentication test to server-group radius using radius
User was successfully authenticated.
Apr 12 2007 22:17:32.971 EEST: RADIUS: Pick NAS IP for u=0x43FE4A2C tableid=0 cfg_addr=radius.server.tld
Apr 12 2007 22:17:32.971 EEST: RADIUS: ustruct sharecount=1
Apr 12 2007 22:17:32.971 EEST: Radius: radius_port_info() success=0 radius_nas_port=1
Apr 12 2007 22:17:32.971 EEST: RADIUS(00000000): Send Access-Request to radius.server.tld:1812 id 1645/41, len 56
Apr 12 2007 22:17:32.971 EEST: RADIUS: authenticator 76 BC 13 6F 4B FC 5F 42 - 12 D1 E2 2F CE 47 A4 4F
Apr 12 2007 22:17:32.971 EEST: RADIUS: NAS-IP-Address [4] 6 my-router.ip.tld
Apr 12 2007 22:17:32.971 EEST: RADIUS: NAS-Port-Type [61] 6 Async [0]
Apr 12 2007 22:17:32.971 EEST: RADIUS: User-Name [1] 6 "main"
Apr 12 2007 22:17:32.971 EEST: RADIUS: User-Password [2] 18 *
Apr 12 2007 22:17:32.983 EEST: RADIUS: Received from id 1645/41 radius.server.tld:1812, Access-Accept, len 67
Apr 12 2007 22:17:32.983 EEST: RADIUS: authenticator 16 10 FD 06 97 57 32 35 - 16 B0 B8 E7 5A E3 4A BD
Apr 12 2007 22:17:32.983 EEST: RADIUS: Framed-Protocol [7] 6 PPP [1]
Apr 12 2007 22:17:32.983 EEST: RADIUS: Framed-IP-Address [8] 6 10.0.0.13
Apr 12 2007 22:17:32.983 EEST: RADIUS: Framed-IP-Netmask [9] 6 255.255.255.240
Apr 12 2007 22:17:32.983 EEST: RADIUS: Framed-MTU [12] 6 1460
Apr 12 2007 22:17:32.983 EEST: RADIUS: Vendor, Cisco [26] 23
Apr 12 2007 22:17:32.983 EEST: RADIUS: Cisco AVpair [1] 17 "vpdn:vpdn-group=core"
Apr 12 2007 22:17:32.983 EEST: RADIUS: saved authorization data for user 43FE4A2C at 440F71DC
So ... as you can see, there is Cisco AVPair, but my router didn't use it. The router still use the first available vpdn-group (clients) and use the Virtual-template 1 interface for this connection. Does anyone know why? I need to setup my router to read the AVpairs from radius reply message. Is it possible to do that at all?
Here is the radius Accept-Accept message sent to router:
Sending Access-Accept of id 43 to radius.server.tld:1645
Framed-Protocol = PPP
Framed-IP-Address = 10.0.0.13
Framed-IP-Netmask = 255.255.255.240
Framed-MTU = 1460
Cisco-AVPair = "vpdn:vpdn-group=core"
THanks in advance!

To use pptp/mppe, the Radius server must be able to return the MPPE_KEY_ATTRIBUTES to pix.
To debug the problem, you can trun on the debug for ppp:
debug ppp uauth
debug ppp error
Try this link:
http://www.cisco.com/warp/public/471/pptp_faq.html

Similar Messages

  • Vpdn-group configuration

    I am replacing a 2611 with a 2811, I am copying the setups from the old router, I have a question about the following.. on the old router there was no line in my config for l2tp - I do not seem to be able to find any configuration options for it - I don't nec want to get rid of it but want to mainly know how to config it and if the same options apply for pptp? I think I have gone into all of the listed options and put in "?" is l2tp missing from the help?
    vpdn-group 1
    ! Default PPTP VPDN group
    accept-dialin
    protocol pptp
    l2tp tunnel password 7

    Which IOS version are you using? , if you are using lower version, need to upgrade to version 12.4(6)
    Sample VPN group configuration:
    vpdn-group 2
    ! Default L2TP VPDN group
    description L2TP for Dial
    accept-dialin
    protocol l2tp
    virtual-template 2
    l2tp tunnel password xxxxx

  • LNS to provide IP from Radius

    Hello:
    We currently use a 7301 router as an LNS and have it configured to use a local IP pool and dynamically assigns an IP address to connecting DSL modems.  We would like to start providing a static IP to a username that autheticates to a radius server. I was wondering what the LNS config should have to support receiving an IP address from the radius and not using the local pool on the router.  We want the LNS to take the IP address that radius would provide and send that to the dsl modem.
    If anyone could help with what config items are needed to support this I would appreciate it.  What we are seeing now is radius authenticates the user, sends the IP address in the FRAMED-IP but the LNS picks an IP address from the local pool and assigns it. Just wondering what we are missing here to make the 7301 assign the ip from radius.
    Thank you.
    aaa authentication ppp vpdn local group radius
    aaa authorization network vpdn group radius local
    aaa authorization configuration default group radius
    aaa accounting delay-start
    aaa accounting update periodic 5
    aaa accounting network default
    action-type start-stop
    group radius
    vpdn enable
    vpdn-group NAME-HERE
    ! Default L2TP VPDN group
    accept-dialin
      protocol l2tp
      virtual-template 1
    lcp renegotiation always
    l2tp tunnel password 7 XXXx
    l2tp tunnel framing capabilities all
    interface Virtual-Template1
    mtu 1492
    ip unnumbered Loopback0
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip tcp adjust-mss 1392
    timeout absolute 1440 0
    peer default ip address pool dslpool
    ppp mtu adaptive
    ppp authentication pap vpdn
    ppp timeout idle 597600
    ip local pool dslpool x.x.x.x y.y.y.y

    Thank you for the suggestion.  I added debug radius and this is what was returned.  instead of the user getting the IP y.y.y.20 the next available IP in the DHCP local pool y.y.y.13 is assigned to the user instead. 
    Any other suggestions now that you are looking at ths output?
    Tor1-LNS1#test aaa group radius [email protected] password2 new-code
    User successfully authenticated
    Sep  3 01:57:59.682: AAA/AUTHEN/LOGIN (00000000): Pick method list 'default'
    Sep  3 01:57:59.682: RADIUS/ENCODE(00000000):Orig. component type = INVALID
    Sep  3 01:57:59.682: RADIUS/ENCODE(00000000): dropping service type, "radius-server attribute 6 on-for-login-auth" is off
    Sep  3 01:57:59.682: RADIUS(00000000): Config NAS IP: x.x.x.x
    Sep  3 01:57:59.682: RADIUS(00000000): sending
    Sep  3 01:57:59.682: RADIUS(00000000): Send Access-Request to x.x.x.x:1812 id 1645/49, len 65
    Sep  3 01:57:59.682: RADIUS:  authenticator 7E 70 CF 47 95 E5 89 1A - C3 10 3E 3E 18 9F 3B D2
    Sep  3 01:57:59.682: RADIUS:  User-Password       [2]   18  *
    Sep  3 01:57:59.682: RADIUS:  User-Name           [1]   21  "[email protected]"
    Sep  3 01:57:59.682: RADIUS:  NAS-IP-Address      [4]   6   y.y.y.y              
    Sep  3 01:57:59.710: RADIUS: Received from id 1645/49 x.x.x.x:1812, Access-Accept, len 68
    Sep  3 01:57:59.710: RADIUS:  authenticator AF CA 04 C3 A0 89 A5 69 - B7 33 6D A4 7E 56 B5 D9
    Sep  3 01:57:59.710: RADIUS:  Service-Type        [6]   6  
    Tor1-LNS1#Framed                    [2]
    Sep  3 01:57:59.710: RADIUS:  Idle-Timeout        [28]  6   86400                    
    Sep  3 01:57:59.710: RADIUS:  Framed-IP-Address   [8]   6   y.y.y.y.20             
    Sep  3 01:57:59.710: RADIUS:  Framed-IP-Netmask   [9]   6   255.255.255.255          
    Sep  3 01:57:59.710: RADIUS:  Framed-MTU          [12]  6   1500                     
    Sep  3 01:57:59.710: RADIUS:  Message-Authenticato[80]  18 
    Sep  3 01:57:59.710: RADIUS:   81 C4 3A 66 96 11 D3 E6 CF AD AF D2 A5 84 08 CA  [??:f????????????]
    Sep  3 01:57:59.710: RADIUS(00000000): Received from id 1645/49

  • Assigning DNS addresses from Radius on LNS

    Hi we have a router which acts as an LNS and authenticates LT2P sessions via radius assigning each to a tunnel interface and giving it an IP address, we would also like to assign DNS settings via radius, we are using steel belted radius which is capable of doing this but we can't seem to get it to work.
    What I believe are relevant sections of the config are below;
    Any help greatly appreciated.
    Thanks
    Matt
    version 12.2
    aaa new-model
    aaa authentication login default line
    aaa authentication ppp default group radius
    aaa authorization network default group radius
    aaa session-id common
    ip name-server 4.2.2.2
    vpdn enable
    vpdn-group conn
    accept-dialin
    protocol l2tp
    virtual-template 1
    terminate-from hostname G20
    local name wllns
    l2tp tunnel password 7 050703062F4D4A064B
    vpdn-group test_G30
    accept-dialin
    protocol l2tp
    virtual-template 1
    terminate-from hostname G30
    local name wllns
    l2tp tunnel password 7 06115E3349420C0A161B420C5D076724762121302E120912
    vpdn-group test_G40
    accept-dialin
    protocol l2tp
    virtual-template 1
    terminate-from hostname G10
    local name wllns
    l2tp tunnel password 7 131246000E0001393828783464215E08440A135355595D50
    interface Virtual-Template1
    ip unnumbered FastEthernet0/0
    no ip route-cache
    peer default ip address pool mypool
    ppp authentication chap
    ip local pool mypool 172.20.0.1 172.20.30.254
    radius-server host 172.21.0.252 auth-port 1645 acct-port 1646
    radius-server key test
    radius-server authorization permit missing Service-Type
    call rsvp-sync
    end

    Hi Matt,
    Use the following Cisco AVP in Radreply.
    Cisco-AVPair+=ip:dns-servers=x.x.x.x
    HTH
    Hitesh Vinzoda
    Please rate useful posts.

  • IP pool selection from RADIUS

    Hi,
    I'm trying to assign different ip addresses to each vpn client depending the group the belong to. To do so, I create three different pools locally to the router and configure the radius server to send the Cisco-AVPair=”ip:addr-pool=poolname”  attribute. The radius server is sending this attribute correctly but the router isn't using it. If I try with the Framed-IP-Address it works fine, but not for the pool.
    Here is the related router config:
    aaa new-model
    aaa authentication login RemoteUsers group radius
    aaa authorization network UsersGroup group radius
    aaa session-id common
    crypto isakmp policy 100
    encr aes 256
    authentication pre-share
    group 2
    crypto isakmp client configuration group Users
    key xxxx
    pool pool1
    acl UsersSplit
    crypto isakmp profile UsersProfile
       match identity group Users
       client authentication list RemoteUsers
       isakmp authorization list UsersGroup
       client configuration address respond
       virtual-template 1
    crypto ipsec transform-set Transf-Users esp-aes esp-sha-hmac
    mode transport
    crypto ipsec profile Prof-Users
    set transform-set Transf-Users
    set isakmp-profile UsersProfile
    ip local pool pool1 192.168.110.10 192.168.110.20
    ip local pool pool2 192.168.120.10 192.168.120.20
    ip local pool pool3 192.168.130.10 192.168.130.20
    Freeradius config:
    testuser Auth-Type := Local, User-Password == "testpass"
    Service-Type = Framed-User,
    Framed-Protocol = PPP,
    cisco-avpair = "ip:addr-pool=pool1",
    Without enabling authorization, testuser connects succesfully, but after I enable authorization to instruct the router to accept pool configuration, it automatically authenticate using the isakmp Users user, without asking for the real vpn testuser client and the connection fails.
    Is authorization essential? Using authentication I can assign ip addresses from Radius.
    I also used the Framed-IP-Pool value without success.
    What I'm missing?
    Thanks in advance.

    Hi Jatin,
    Thanks for your quick reply. Here is the new configuration and the debugs. I'm using IOS c890-universalk9-mz.152-1.T.bin and Cisco VPN client 5.0.07.0290 version.
    IOS Configuration with authorization and accounting enabled:
    aaa new-model
    aaa authentication login RemoteUsers group radius
    aaa authorization network UsersGroup group radius
    aaa accounting network default
    aaa session-id common
    IOS Debugs:
    Jun  4 21:20:46.133: AAA/BIND(00000010): Bind i/f
    Jun  4 21:20:46.149: AAA/AUTHOR (0x10): Pick method list 'UsersGroup'
    Jun  4 21:20:46.153: RADIUS/ENCODE(00000010):Orig. component type = VPN IPSEC
    Jun  4 21:20:46.153: RADIUS:  AAA Unsupported Attr: interface         [222] 11
    Jun  4 21:20:46.153: RADIUS:   31 30 2E 31 34 2E 31 34 2E         [ 10.14.14.]
    Jun  4 21:20:46.153: RADIUS(00000010): Config NAS IP: 0.0.0.0
    Jun  4 21:20:46.153: RADIUS(00000010): Config NAS IPv6: ::
    Jun  4 21:20:46.153: RADIUS/ENCODE(00000010): acct_session_id: 6
    Jun  4 21:20:46.153: RADIUS(00000010): sending
    Jun  4 21:20:46.153: RADIUS/ENCODE: Best Local IP-Address 10.14.14.30 for Radius-Server 10.14.14.17
    Jun  4 21:20:46.153: RADIUS(00000010): Send Access-Request to 10.14.14.17:1812 id 1645/4, len 98
    Jun  4 21:20:46.153: RADIUS:  authenticator 01 A1 34 BE 06 3D C2 C5 - 4F EE 98 D7 47 4D BF AB
    Jun  4 21:20:46.153: RADIUS:  User-Name           [1]   10  "Users"
    Jun  4 21:20:46.153: RADIUS:  User-Password       [2]   18  *
    Jun  4 21:20:46.153: RADIUS:  Calling-Station-Id  [31]  13  "10.14.14.17"
    Jun  4 21:20:46.153: RADIUS:  NAS-Port-Type       [61]  6   Virtual                   [5]
    Jun  4 21:20:46.153: RADIUS:  NAS-Port            [5]   6   0
    ruc#
    Jun  4 21:20:46.153: RADIUS:  NAS-Port-Id         [87]  13  "10.14.14.30"
    Jun  4 21:20:46.153: RADIUS:  Service-Type        [6]   6   Outbound                  [5]
    Jun  4 21:20:46.153: RADIUS:  NAS-IP-Address      [4]   6   10.14.14.30
    Jun  4 21:20:46.153: RADIUS(00000010): Sending a IPv4 Radius Packet
    Jun  4 21:20:46.153: RADIUS(00000010): Started 5 sec timeout
    ruc#
    Jun  4 21:20:48.205: RADIUS: Received from id 1645/4 10.14.14.17:1812, Access-Reject, len 20
    Jun  4 21:20:48.205: RADIUS:  authenticator 2A B6 91 42 DF 70 2B 89 - AF D5 59 82 31 3B EA 53
    Jun  4 21:20:48.205: RADIUS(00000010): Received from id 1645/4
    As you can see, the router authenticates automatically using the Users user configured under at the isakmp client configuration group. The VPN client software does not prompt for the real user account and fails. Why the router is not asking for the user? I was expecting the router performs authentication first and authorization later. Take a look at the FreeRadius debug:
    FreeRadius debug:
    Ready to process requests.
    rad_recv: Access-Request packet from host 10.14.14.30:1645, id=4, length=98
            User-Name = "Users"
            User-Password = "cisco"  <--Where does this password comes from?!
            Calling-Station-Id = "10.14.14.17"
            NAS-Port-Type = Virtual
            NAS-Port = 0
            NAS-Port-Id = "10.14.14.30"
            Service-Type = Dialout-Framed-User
            NAS-IP-Address = 10.14.14.30
      Processing the authorize section of radiusd.conf
    modcall: entering group authorize for request 0
      modcall[authorize]: module "preprocess" returns ok for request 0
    radius_xlat:  '../var/log/radius/radacct/10.14.14.30/auth-detail-20130604.log'
    rlm_detail: ../var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d.lo
    g expands to ../var/log/radius/radacct/10.14.14.30/auth-detail-20130604.log
      modcall[authorize]: module "auth_log" returns ok for request 0
      modcall[authorize]: module "chap" returns noop for request 0
      modcall[authorize]: module "mschap" returns noop for request 0
        rlm_realm: No '@' in User-Name = "Users", looking up realm NULL
        rlm_realm: No such realm "NULL"
      modcall[authorize]: module "suffix" returns noop for request 0
      rlm_eap: No EAP-Message, not doing EAP
      modcall[authorize]: module "eap" returns noop for request 0
        users: Matched entry DEFAULT at line 188
      modcall[authorize]: module "files" returns ok for request 0
    rlm_pap: WARNING! No "known good" password found for the user.  Authentication m
    ay fail because of this.
      modcall[authorize]: module "pap" returns noop for request 0
    modcall: leaving group authorize (returns ok) for request 0
      rad_check_password:  Found Auth-Type System
    auth: type "System"
      ERROR: Unknown value specified for Auth-Type.  Cannot perform requested action
    auth: Failed to validate the user.
    Login incorrect: [Users/cisco] (from client vpnServer port 0 cli 10.14.14.17)
    Delaying request 0 for 1 seconds
    Finished request 0
    Going to the next request
    --- Walking the entire request list ---
    Waking up in 1 seconds...
    --- Walking the entire request list ---
    Waking up in 1 seconds...
    --- Walking the entire request list ---
    Sending Access-Reject of id 4 to 10.14.14.30 port 1645
    Waking up in 4 seconds...
    --- Walking the entire request list ---
    Cleaning up request 0 ID 4 with timestamp 51ae5a41
    Nothing to do.  Sleeping until we see a request.
    Any idea Jatin?

  • Dynamic VLAN-Assignment from RADIUS with Aironet 1242AG doesn't work properly

    Hello All,
    our setting is to assign VLANs dynamically from RADIUS (freeradius) to Clients connected to the 1242 Access-Points with one SSID. We have Firmware
    12.4(10b)JA/JDA on the Aironet 1242.
    The clients should be connected to one of three VLANs - one for staff, one for students and one for guests. I use the Web-Interface of
    the 1242, because I'm not very familiar with IOS cli.
    After assigning the first VLAN to the SSID -> click Accept, assigning the second VLAN to the SSID (overwriting the previous one) -> click Accept,
    assigning the third VLAN to SSID (overwriting again) -> click Accept,  the assignment of VLANs works really fine,
    (the only thing i change on the page is VLAN, the SSID is set to mandatory WPAv2)
    BUT...
    when the 1242 is rebooted (due a building power off or similar) it doesn't work anymore. Clients end up in an endless authentication loop.
    After doing the procedure again from above - assigning all VLANs sequently once, it works fine again !  till next reboot...
    All VLANs have same encryption, cypher, TKIP+AES CCM. On the Cisco-Site I found a command, which i also tried with no success:
    'aaa authorization network default group radius'.
    I also tried to save the working config and load it into the 1242 again, this also did not work.
    It seems that i'm doing something wrong, but what ?
    Thanks for some help,
    Frank

    All you really need to do is make sure the subinterfaces/vlans are created for each VLAN you need, then have radius push down IETF attributes 64, 65, and 81.

  • Set an ip unnumbered from radius

    Hi all,
    I was reading a lot documentation and testing a lot of scenarios but i can not set template configuration from RADIUS…
    This it my configuration,
    aaa new-model
    aaa authentication login admin local
    aaa authentication ppp default local group radius
    aaa authorization template
    aaa authorization network default group radius local
    aaa accounting delay-start
    aaa accounting update newinfo
    aaa accounting network default start-stop group radius
    bba-group pppoe pruebavrf
    virtual-template 33
    sessions per-mac limit 48
    sessions per-vlan limit 1400
    interface Loopback10
    ip address 192.168.44.1 255.255.255.0
    interface FastEthernet0/0.8
    description PRUEBAS
    encapsulation dot1Q 8
    pppoe enable group pruebavrf
    interface Virtual-Template33
    no ip address
    no ip redirects
    no ip unreachables
    ip mtu 1480
    ip tcp adjust-mss 1400
    peer default ip address pool pool_local
    ppp authentication pap chap
    radius-server attribute 44 extend-with-addr
    radius-server attribute 8 include-in-access-req
    radius-server attribute nas-port format d
    radius-server configure-nas
    radius-server host X.X.X.X auth-port 1812 acct-port 1813 key xxxx
    radius-server retransmit 2
    radius-server timeout 6
    radius-server vsa send accounting
    radius-server vsa send authentication
    ip local pool pool_local x.x.x.x
    And this is RADIUS configuration
    testvdsl@knetip Auth-Type := local, User-Password == "xxxx"
    Service-Type = Framed-User,
    cisco-avpair += "template:ip-unnumbered=Loopback 10",
    Framed-Protocol = PPP
    I think that with this configuration virtual-access would be take the ip of Loopback 10 as unnumbered but doesn't work.
    Router#sh int Vi2.1
    Virtual-Access2.1 is up, line protocol is up
    Hardware is Virtual Access interface
    MTU 1492 bytes, BW 100000 Kbit/sec, DLY 100000 usec,
    reliability 255/255, txload 1/255, rxload 1/255
    Encapsulation PPP, LCP Open
    PPPoE vaccess, cloned from Virtual-Template33
    Vaccess status 0x0
    Keepalive set (10 sec)
    128 packets input, 1803 bytes
    128 packets output, 1799 bytes
    Last clearing of "show interface" counters never
    This is the RADIUS debug,
    .Nov 10 12:38:42: RADIUS(000E4E19): Send Access-Request to x.x.x.x:1812 id 1645/79, len 135
    .Nov 10 12:38:42: RADIUS: authenticator 3C 22 8C 1E AE 21 20 82 - B9 58 57 E3 16 6D C9 8B
    .Nov 10 12:38:42: RADIUS: Vendor, Cisco [26] 41
    .Nov 10 12:38:42: RADIUS: Cisco AVpair [1] 35 "client-mac-address=xxxx"
    .Nov 10 12:38:42: RADIUS: Framed-Protocol [7] 6 PPP [1]
    .Nov 10 12:38:42: RADIUS: User-Name [1] 17 "testvdsl@knetip"
    .Nov 10 12:38:42: RADIUS: User-Password [2] 18 *
    .Nov 10 12:38:42: RADIUS: NAS-Port-Type [61] 6 Ethernet [15]
    .Nov 10 12:38:42: RADIUS: NAS-Port [5] 6 8
    .Nov 10 12:38:42: RADIUS: NAS-Port-Id [87] 9 "0/0/0/8"
    .Nov 10 12:38:42: RADIUS: Service-Type [6] 6 Framed [2]
    .Nov 10 12:38:42: RADIUS: NAS-IP-Address [4] 6 x.x.x.x
    .Nov 10 12:38:42: RADIUS: Received from id 1645/79 x.x.x.x:1812, Access-Accept, len 74
    .Nov 10 12:38:42: RADIUS: authenticator E5 D8 63 D4 D5 EE EC C8 - F7 BB 4A B9 6A C8 60 F6
    .Nov 10 12:38:42: RADIUS: Service-Type [6] 6 Framed [2]
    .Nov 10 12:38:42: RADIUS: Vendor, Cisco [26] 42
    .Nov 10 12:38:42: RADIUS: Cisco AVpair [1] 36 "template:ip-unnumbered=Loopback 10"
    .Nov 10 12:38:42: RADIUS: Framed-Protocol [7] 6 PPP [1]
    .Nov 10 12:38:42: RADIUS(000E4E19): Received from id 1645/79
    Somebody can help me?
    Thank you in advance.

    Hi,
    I'll try to guide you through this though I'm not sure of all the words in English...Well you see, I had just the same problem as you and tried about evertyhing. And I hopes someone would give you tje answer but they didn't so I almost gave up when I suddenly solved the problem.
    What you do is this. Step by step. (On your mac-computer.) (Question-mark (?) means I'm not sure what the term is in Englis but I try to translate it word by word from Swedish)
    1. Open your "Finder"
    2. Click on "Programs"
    3. Open the map called "tool-programs?"
    4. Open the "Airport administration tools?" (It has the symbol of a roundshaped airport.)
    5. Click on Setup. (In the upper left corner there are four different buttons. The third says Setup)
    6. Enter the password for your basestation
    7. Click on Password (the fourth button in the upper left corner with a lock as a symbol)
    8. There you will have a HEX equivalent password (WEP-key) which you need for your PC.
    Then you just type in this password on your PC-computer and you will soon be able to use the internet via your airport and the airtunes as well.
    Good luck!
    /Emanuel

  • Waiting ACK from Radius Server before sending traffic

    Hello,
    After receiving the access accept from the Radus, the AS give the IP address to the client/user and send a Accounting Start to the Radus Server.
    I just want to know if is possible for the AS to wait the Ack of the Accounting Start from the Radius Server, before forwarding the client traffic to the destination.
    I see some documentation in the web and I find:
    aaa dnis map xxx accounting network wait-start group YYY..
    Is this the right thing to do? If I use ? after network this option doesn't appear.
    The IOS is: 5300-j-mz.122-11.T2.bin
    Thanks a lot
    Ira
    Ira

    Yes, I think its possible to start the accounting after receiving ack from radius server.For this, the command will be,
    router(config)#aaa accounting "what-to-track info" wait-start "where-to-send info".
    This wait-start cmd says that wait for receiving the ack from server before staring the accounting process.

  • Using a source-ip on a vpdn-group

    Hi,
    I'm using different source-ip under two vpdn-groups, and try to open an L2TP tunnel from my XP to 1.1.1.1 and 2.2.2.2:
    vpdn enable
    vpdn-group 1
    accept-dialin
    protocol l2tp
    virtual-template 1
    source-ip 1.1.1.1
    no l2tp tunnel authentication
    vpdn-group 2
    accept-dialin
    protocol l2tp
    virtual-template 2
    source-ip 2.2.2.2
    no l2tp tunnel authentication
    I found out that I can open the tunnel only to the first vpdn-group (1.1.1.1), and when I try to open the tunnel to 2.2.2.2, I saw (on a sniffer and on debug ip packet) that the router is getting my SCCRQ, but replay with the SCCRP from souse 1.1.1.1 (the first vpdn-group).
    I tried it with several platform and with several IOS images but it always the same.
    Do I miss something?
    Israel.

    Here is document on L2TP Dial-Out Load Balancing and Redundancy.
    http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a00801541b7.html

  • How do I delete a contact group from my iphone

    How do I delete a contact group from my iphone?

    Download Easy Group. It is totally free. Lauch it. Click on Edit. Click on red-cross next to your unwanted group. That's all. http://itunes.apple.com/fr/app/easy-group/id461469079?mt=8
    Rémi
    Note: As I am Easy Group developper, I may receive some form of compensation, financial or otherwise,from my recommendation or link.

  • Get All Groups from Weblogic

    Hello everyone,
    Well i'm having little problem to get all groups that exists in Weblogic. I already search but the only thing i can get is the groups from the user that is autenticated in the application.
    Best regards,
    Tiago Marques

    See if this helps - http://weblogic-wonders.com/weblogic/2010/11/10/list-users-and-groups-in-weblogic-using-jmx/

  • Get all groups from an AD Server

    Hi everyone,
    I'm trying to get all groups from and AD server.
    Here's how I'm doing it:
    DirContext ctx = new InitialDirContext( (Hashtable<String,String>) env);
              Name n2 = new CompositeName().add(groupsContainer);
              NamingEnumeration<Binding> contentsEnum = ctx.listBindings(n2);
              int i = 1;
              while ( contentsEnum.hasMore() && (i++) < 1000 )
                   Binding binding = contentsEnum.next();
                   groups.add(binding.getName().substring(3));
              return groups; The problem is, I always get an error if I don't restrict the results number to below 1000.
    The error is the following *javax.naming.SizeLimitExceededException: [LDAP: error code 4 - Sizelimit Exceeded];*
    After googling, I found it it's due to a field in the AD Server, that restrict the result number.
    So there is no way that I can obtain all groups without changing that field?
    Regards,
    Nuno.

    Hi Nuno,
    You have to increase the MaxPageSize value at ActiveDirectory level to retrieve results more than 1000. By default the MaxPageSize value is 1000. There is no option other than increasing the MaxPageSize value.
    Thanks & Regards,
    Murali.
    ============

  • Hide Particular Item Group from Selection Criteria of Sales Analysis Report

    Hello Experts,
    Is this possible to Hide Particular Item Group from Selection Criteria of Sales Analysis Report?
    I have one Item Group as 'Special Items'.
    Now, when I open  Item wise sales analysis report, I want to hide above mentioned group from selection criteria.
    Thanks in advance.
    Best Regards,
    Pankit Sheth

    Hi,
    1. Not possible to put validation for selection criteria windows.
    2. In standard, I don't think it is possible to hide only one item group.
    3. Alternatively don't give authorization to user for running sales reports. If still need create customized query and ask user run every month.
    Thanks & Regards,
    Nagarajan

  • Provisioning multiple AD Groups from a Single Privilege

    Experts,
    We're encountering a situation here when we provision to multiple Active Directory groups from a single IDM Role.
    The scenario is this:
    We have a workflow that has multiple conditional and switch tasks that result in the provisioning of users to Active Directory 2008 (mixed mode) Our workflow uses the provisioning framework and all users have been granted the ONLY privilege for the system.
    The workflow will result in adding the users to multiple AD groups sometimes two AD groups that are associated with a single IDM role. The first assignment always works, the second does simply does not occur, no entry in the system or job log although IDM does show that the role has been assigned with an 'OK' status.
    We've accomplished a workaround by redesigning the workflow so that only single roles are assigned at a time and using chain result OK links to move from one provisioning activity to another, but frankly, we are unsatisfied with this.  IDM should be handling this much better through
    I'm wondering if we have a pending value floating out there and we should just be applying the pending value at the end of every AD group add.
    Any thoughts on this would be appreciated.
    Thanks,
    Matt

    Matt,
    In your post you mention "I'm wondering if we have a pending value floating out there and we should just be applying the pending value at the end of every AD group add"... I'm faced with a similar issue were I'm left pending values for privileges after the group is assigned.
    I've imported the AD groups as privileges. I assign them without issue. But when I review the assignments I can see that each corresponding privilege assignment now has a pending value. I can not remove the privilege from the user at this point.
    Have you seen this before? Any suggestions on how I can clean this up. BTW, I'm using the SAP PF basically unchanged...
    Thanks!

  • How to create a Group from an existing email -

    I just want to create a Group from an existing email received.  Don't want to add people individually to Address Book, then drag them to the Group.  Would prefer to copy/paste the addresses into the Group.  I'm part of a team at work wth 25 people!  Do I really have to add their addresses individually?  Seems ridiculous.  Don't even need their names - just the emails, so when I type in "United," for example, I get all the folks in that Group which is named "United."
    Thanks.

    There was a "magical" set of Applescripts that would have done that, but it no longer works.
    There is no way in the OS to do that besides making the Applescript yourself using the current Script Editor.
    Another way to do what you want is to select all of the addresses (select one, then cmd-A). Then, drag the selection to somewhere in the Finder. That will create a text clipping. You can then drag that text clipping into the address field in Mail.
    The text clipping will be named with the first few email addresses. You can rename it in the Finder.
    Each one can be your own "distribution" list.

Maybe you are looking for