On Tue, 7 Sep 1999, Robert J. Adams wrote:
> Alan,
>
> Ok.. noticed one problem with this "fix" ..
>
> With this setting the Cisco ignores my radius netmasks.. i.e. the following
> no longer works.
>
> user Auth-Type = LDAP
> Framed-IP-Address = 209.251.13.161,
> Framed-IP-Netmask = 255.255.255.240,
> ..
>
> Any ideas on a work around?
No workaround....
In order to get attributes as IP and others from tacacs/radius
you must have "aaa authorization network tacacs+" ( or "radius")
It is this process "authorization network" which requests these parameters
and set them up...
If you disable this process, then you have no these features.. ;)
Fair, heh? ;)
>
> -Jason
>
>
>
> -----Original Message-----
> From: Alan Sawyer [mailto:ams@vicnet.net.au]
> Sent: Monday, September 06, 1999 10:19 PM
> To: Robert J. Adams
> Cc: cisco-nsp@puck.nether.net
> Subject: Re: [nsp] Argh
>
>
> On Mon, 6 Sep 1999, Robert J. Adams wrote:
>
> > Hello all,
> >
> > Well, since I was playing with dialup, I turned on AAA new-model .. one
> > problem.. now whenever a T1 (i.e. int serial 1/0) goes down/up it tries to
> > ppp auth them. Anyway to tell it NOT to auth on an interface? I tried the
> > obvious (no ppp auth, no ppp auth pap) with no luck.
>
> Try entering 'aaa authorization network none'
> Regards.
>
>
> >
> > TIA,
> > Jason
>
>
--------------------------------------
Basil (Vasily) Dolmatov CCNP-Security, CCDA
East Connection ISP, Moscow, Russia. (http://www.east.ru)
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:05 EDT