[nsp] RE: Provide routable IP over dynamic assigned remote link

Dave [Hawk-Systems] dave at hawk-systems.com
Wed Dec 18 09:45:16 EST 2002


>>
>> 	Framed-IP-Address = 10.0.0.190
>> 	Framed-IP-Netmask = 255.255.255.254
>>
>> would assign 2 addresses, 10.0.0.190 and 10.0.0.191 correct?
>
>No, it would assign .190 to the peer and create a static route
>"10.0.0.190 255.255.255.254" to the interface. We handle Framed-Netmask
>similar to a Framed-Route, i.e. the radius profiles

So it would assume the peer would assume the NAS only has a .254 netmask...  and
would result in non-routable packets?  or would the NAS not pay attention to the
netmask that the peer is broadcasting?

>
>  Framed-IP-Address = 10.0.0.188
>  Framed-IP-Netmask = 255.255.255.0
>
>and
>
>  Framed-IP-Address = 10.0.0.188
>  Framed-Route = "10.0.0.0 255.255.255.0"
>
>will produce the same result. I doubt that we will actually allocate any
>of the addresses referenced by framed-route/framed-ip-netmask from the
>pool..

so this is more for the client benefit than actually routing IP traffic for the
specified address/mask to and from the peer

>> ...and (staying in our "ip local pool default 10.0.0.1 10.0.0.192")
>>
>> 	Framed-IP-Address = 10.0.0.188
>> 	Framed-IP-Netmask = 255.255.255.252
>>
>> would assign 4 addresses, 10.0.0.188 through .191 to the user
>> interface correct?
>>
>> Does the Framed-Routing Avoid having to use two of the IPs
>> for Address and
>> Broadcast and just assign both to the interface with the same
>> broadcast as the
>> rest of the NAS?
>
>The user's interface on the NAS is not affected by any of this (it is
>usually configured as ip unnumbered), it is up to the peer how he sets
>up his interfaces/routing. We just set up the routing table and send the
>packet across the p2p link, it is up to the peer to interpret
>network/broadcast addresses.

Hmmm...  so by this is it safe to assume that;
	1) the IP addresses are not actually assigned if the netmask is used
	2) that the NAS will still route traffic for the IP addresses (4 in last case)
to the peer in question
	3) that if the peer router is configured to accept the ip/netmask for the 4 IP
addresses that it will be able to use and route them across the connection
without problem?

If not, is there any way to enable the following via Cisco AVPairs generated from
the RADIUS server (with the RADIUS server specifying IP addresses to use from
the .1 - .192 pool block for each and every connection...  RADIUS manages IP
distribution;

NAS AS5300
	56k 1 Channel Dialup Users
		- need to send/receive via 1 IP address
	128k 2 channel connection from Cisco 802 ISDN
		- needs to send/receive via 2 IP addresses
	256k 4 channel connection from Cisco 1720 w/2 WIC-1B-U ISDN
		- needs to send/receive via 4 IP addresses
	512k 8 channel connection from Cisco 3620 w/NM-1E & NM-4B-U ISDN
		- needs to send/receive via 8 IP addresses

Again, dynamic or reserved IP address would be managed by the RADIUS server.  We
would keep track of which IP addresses we are wanting reserved for static users,
and simply removing them from a "PickAvailableIP" script which would assign the
IP addresses for non-static clients so I am not concerned about how the NAS
manages or whether it will accidentally reallocate IP addresses...

Currently we can already assign any IP address we want using Framed-IP-Address
AVPair for each and every AUTH request.

Finally, and again, the NAS is not owned by us in this scenario, so we have to be
able to accomplish this over AVPairs.

Appreciate the helpful insight up to this point, has certainly stretched my
understanding in this regard.

Dave
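
Added example, not part of the original message: a sketch of the RADIUS-side bookkeeping discussed above. It computes the route that a Framed-IP-Address/Framed-IP-Netmask pair corresponds to (as described in the quoted reply) and keeps reserved blocks out of a dynamic picker. The function names, including this stand-in for the "PickAvailableIP" script, and the sample reservations are assumptions.

```python
import ipaddress

# Pool quoted in the thread: "ip local pool default 10.0.0.1 10.0.0.192"
POOL_FIRST = ipaddress.IPv4Address("10.0.0.1")
POOL_LAST = ipaddress.IPv4Address("10.0.0.192")

def framed_route(address, netmask):
    """Route matching a Framed-IP-Address/Framed-IP-Netmask pair, per the quoted reply."""
    return ipaddress.IPv4Network(f"{address}/{netmask}", strict=False)

def in_pool(net):
    """True when every address of the block lies inside the pool range."""
    return POOL_FIRST <= net.network_address and net.broadcast_address <= POOL_LAST

def reserve_block(reserved, address, netmask):
    """Record a static user's block; refuse blocks outside the pool or overlapping."""
    net = framed_route(address, netmask)
    if not in_pool(net):
        raise ValueError(f"{net} is not fully inside the pool")
    clash = next((r for r in reserved if net.overlaps(r)), None)
    if clash is not None:
        raise ValueError(f"{net} overlaps reserved block {clash}")
    reserved.append(net)
    return net

def pick_available_ip(reserved, in_use):
    """Hypothetical PickAvailableIP: first pool address neither reserved nor in use."""
    for n in range(int(POOL_FIRST), int(POOL_LAST) + 1):
        ip = ipaddress.IPv4Address(n)
        if ip not in in_use and not any(ip in r for r in reserved):
            return ip
    return None  # pool exhausted

if __name__ == "__main__":
    reserved = []
    print(reserve_block(reserved, "10.0.0.188", "255.255.255.252"))  # 4-address block
    try:
        reserve_block(reserved, "10.0.0.190", "255.255.255.254")     # inside the block above
    except ValueError as err:
        print("rejected:", err)
    print(framed_route("10.0.0.188", "255.255.255.0"))               # same as the Framed-Route form
    print(pick_available_ip(reserved, {ipaddress.IPv4Address("10.0.0.1")}))
```
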



