Re: [nsp] IP Address to PPP Dial-Up users

From: Siva Valliappan (svalliap@cisco.com)
Date: Tue Dec 19 2000 - 17:20:52 EST

Next message: Rod Oliver: "Server load balancing solution"
Previous message: Alejandro Esquivel Rodríguez: "[nsp] IP Address to PPP Dial-Up users"
In reply to: Alejandro Esquivel Rodríguez: "[nsp] IP Address to PPP Dial-Up users"
Next in thread: Tom Cof: "Re: [nsp] IP Address to PPP Dial-Up users"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

sounds like you are running into a sw bug. we should only have accepted
the static address if you have "ppp ipcp accept-address" configured
under the interface. can you disable console logging, and then capture

debug ppp nego
debug ppp auth
debug ppp error
debug aaa per-user
debug aaa authen
debug aaa authori

to verify that this is what you are running into. 12.0(4)XI1 is very old
code. you may want to move to some newer code that supports all your
sw/hw features. would recommend opening a TAC case to get some suggestions/
guidance on what you need to do.

regards
.siva

>
> I am using an AS5300 with Cisco IOS 12.0(4)XI1. I have configured my
> Group-Async to use "peer default ip address pool default" and this assigns
> the IP address fine. But if someone dials in already configured with an IP
> Address, it allows them to use theirs and not the one I defined. I want to
> either force them to use the IP address assigned by the AS5300 or deny them
> access. I use tacacs+ server to authenticate users.
>
> Any Idea ???
>
> Configuration:
>
> aaa new-model
> aaa authentication login default local group tacacs+
> aaa authentication ppp default if-needed local group tacacs+
> aaa authorization exec default local group tacacs+
> aaa authorization commands 1 default local group tacacs+
> aaa authorization commands 15 default local group tacacs+
> aaa authorization network default group tacacs+
> aaa accounting nested
> aaa accounting exec default start-stop group tacacs+
> aaa accounting commands 1 default start-stop group tacacs+
> aaa accounting commands 15 default start-stop group tacacs+
> aaa accounting network default start-stop group tacacs+
> aaa accounting connection default start-stop group tacacs+
> aaa accounting system default start-stop group tacacs+
>
> interface Group-Async0
> ip unnumbered Loopback0
> encapsulation ppp
> no ip mroute-cache
> dialer in-band
> dialer idle-timeout 900 either
> dialer-group 1
> autodetect encapsulation ppp
> async mode interactive
> peer default ip address pool default
> no cdp enable
> ppp authentication chap pap
> ppp chap hostname RacsA
> ppp multilink
>

Next message: Rod Oliver: "Server load balancing solution"
Previous message: Alejandro Esquivel Rodríguez: "[nsp] IP Address to PPP Dial-Up users"
In reply to: Alejandro Esquivel Rodríguez: "[nsp] IP Address to PPP Dial-Up users"
Next in thread: Tom Cof: "Re: [nsp] IP Address to PPP Dial-Up users"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:24 EDT