[nsp] IP Address to PPP Dial-Up users

From: Alejandro Esquivel Rodríguez (aesquivel@its.co.cr)
Date: Tue Dec 19 2000 - 16:17:53 EST


I am using an AS5300 with Cisco IOS 12.0(4)XI1. I have configured my
Group-Async to use "peer default ip address pool default" and this assigns
the IP address fine. But if someone dials in already configured with an IP
Address, it allows them to use theirs and not the one I defined. I want to
either force them to use the IP address assigned by the AS5300 or deny them
access. I use tacacs+ server to authenticate users.

Any Idea ???

  Configuration:

aaa new-model
aaa authentication login default local group tacacs+
aaa authentication ppp default if-needed local group tacacs+
aaa authorization exec default local group tacacs+
aaa authorization commands 1 default local group tacacs+
aaa authorization commands 15 default local group tacacs+
aaa authorization network default group tacacs+
aaa accounting nested
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+

interface Group-Async0
  ip unnumbered Loopback0
  encapsulation ppp
  no ip mroute-cache
  dialer in-band
  dialer idle-timeout 900 either
  dialer-group 1
  autodetect encapsulation ppp
  async mode interactive
  peer default ip address pool default
  no cdp enable
  ppp authentication chap pap
  ppp chap hostname RacsA
  ppp multilink



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:24 EDT