Re: [nsp] IP Address to PPP Dial-Up users

From: Tom Cof (tom.cof@siol.net)
Date: Wed Dec 20 2000 - 02:20:00 EST


If you have all your profiles in TACACS+, you could try assigning them to a
group profile. In the group profile you add the Cisco-specific TACACS+ command >>
set addr-pool default <<. This prevents the AS5300 from surrendering to the
customer's IP address.

----- Original Message -----
From: "Alejandro Esquivel Rodríguez" <aesquivel@its.co.cr>
To: <cisco-nsp@puck.nether.net>
Sent: Tuesday, December 19, 2000 10:17 PM
Subject: [nsp] IP Address to PPP Dial-Up users

> I am using an AS5300 with Cisco IOS 12.0(4)XI1. I have configured my
> Group-Async to use "peer default ip address pool default" and this assigns
> the IP address fine. But if someone dials in already configured with an IP
> Address, it allows them to use theirs and not the one I defined. I want to
> either force them to use the IP address assigned by the AS5300 or deny them
> access. I use tacacs+ server to authenticate users.
>
> Any Idea ???
>
> Configuration:
>
> aaa new-model
> aaa authentication login default local group tacacs+
> aaa authentication ppp default if-needed local group tacacs+
> aaa authorization exec default local group tacacs+
> aaa authorization commands 1 default local group tacacs+
> aaa authorization commands 15 default local group tacacs+
> aaa authorization network default group tacacs+
> aaa accounting nested
> aaa accounting exec default start-stop group tacacs+
> aaa accounting commands 1 default start-stop group tacacs+
> aaa accounting commands 15 default start-stop group tacacs+
> aaa accounting network default start-stop group tacacs+
> aaa accounting connection default start-stop group tacacs+
> aaa accounting system default start-stop group tacacs+
>
> interface Group-Async0
> ip unnumbered Loopback0
> encapsulation ppp
> no ip mroute-cache
> dialer in-band
> dialer idle-timeout 900 either
> dialer-group 1
> autodetect encapsulation ppp
> async mode interactive
> peer default ip address pool default
> no cdp enable
> ppp authentication chap pap
> ppp chap hostname RacsA
> ppp multilink
>
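
The posted configuration sends network accounting to TACACS+ (`aaa accounting network default start-stop group tacacs+`), so one way to check whether dial-up peers still come up on self-chosen addresses is to compare the `addr` attribute of accounting start records against the pool range. This is an added example, not part of the thread: the tab-separated record layout, the pool bounds and the sample lines are assumptions constructed for illustration.

```python
import ipaddress

# Assumed pool bounds: replace with the range behind "ip local pool default" on the NAS.
POOL_FIRST = ipaddress.ip_address("192.0.2.10")
POOL_LAST = ipaddress.ip_address("192.0.2.59")

# Constructed sample records. Assumed layout, tab-separated:
# time, NAS, user, port, caller, start/stop flag, then attribute=value pairs.
SAMPLE_LOG = "\n".join([
    "Dec 20 02:01:10\t198.51.100.1\talice\tAsync12\tasync\tstart\ttask_id=41\tservice=ppp\tprotocol=ip\taddr=192.0.2.17",
    "Dec 20 02:03:44\t198.51.100.1\tbob\tAsync14\tasync\tstart\ttask_id=42\tservice=ppp\tprotocol=ip\taddr=10.9.8.7",
    "Dec 20 02:09:02\t198.51.100.1\talice\tAsync12\tasync\tstop\ttask_id=41\tservice=ppp\tprotocol=ip\taddr=192.0.2.17",
    "Dec 20 02:11:30\t198.51.100.1\tcarol\tAsync15\tasync\tstart\ttask_id=43\tservice=ppp\tprotocol=ip\taddr=not-an-ip",
    "truncated line",
])


def parse_record(line):
    """Split one accounting line into fixed fields plus a dict of AV pairs."""
    fields = line.split("\t")
    if len(fields) < 6:
        return None  # truncated or foreign line
    av = dict(f.split("=", 1) for f in fields[6:] if "=" in f)
    return {"user": fields[2], "port": fields[3], "flag": fields[5], "av": av}


def off_pool_sessions(log_text, first=POOL_FIRST, last=POOL_LAST):
    """Return (user, port, addr, reason) for PPP start records not inside the pool."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None or rec["flag"] != "start":
            continue  # stop records repeat the address already seen at start
        av = rec["av"]
        if av.get("service") != "ppp" or "addr" not in av:
            continue
        try:
            addr = ipaddress.ip_address(av["addr"])
        except ValueError:
            findings.append((rec["user"], rec["port"], av["addr"], "unparseable"))
            continue
        if addr.version != first.version or not (first <= addr <= last):
            findings.append((rec["user"], rec["port"], str(addr), "outside pool"))
    return findings


if __name__ == "__main__":
    for finding in off_pool_sessions(SAMPLE_LOG):
        print(*finding, sep="\t")
```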


