I am using an AS5300 with Cisco IOS 12.0(4)XI1. I have configured my
Group-Async to use "peer default ip address pool default" and this assigns
the IP address fine. But if someone dials in already configured with an IP
Address, it allows them to use theirs and not the one I defined. I want to
either force them to use the IP address assigned by the AS5300 or deny them
access. I use tacacs+ server to authenticate users.
Any Idea ???
Configuration:
aaa new-model
aaa authentication login default local group tacacs+
aaa authentication ppp default if-needed local group tacacs+
aaa authorization exec default local group tacacs+
aaa authorization commands 1 default local group tacacs+
aaa authorization commands 15 default local group tacacs+
aaa authorization network default group tacacs+
aaa accounting nested
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
interface Group-Async0
ip unnumbered Loopback0
encapsulation ppp
no ip mroute-cache
dialer in-band
dialer idle-timeout 900 either
dialer-group 1
autodetect encapsulation ppp
async mode interactive
peer default ip address pool default
no cdp enable
ppp authentication chap pap
ppp chap hostname RacsA
ppp multilink
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:24 EDT