sounds like you are running into a sw bug. we should only have accepted
the static address if you have "ppp ipcp accept-address" configured
under the interface. can you disable console logging, and then capture
debug ppp nego
debug ppp auth
debug ppp error
debug aaa per-user
debug aaa authen
debug aaa authori
to verify that this is what you are running into. 12.0(4)XI1 is very old
code. you may want to move to some newer code that supports all your
sw/hw features. would recommend opening a TAC case to get some suggestions/
guidance on what you need to do.
regards
.siva
>
> I am using an AS5300 with Cisco IOS 12.0(4)XI1. I have configured my
> Group-Async to use "peer default ip address pool default" and this assigns
> the IP address fine. But if someone dials in already configured with an IP
> Address, it allows them to use theirs and not the one I defined. I want to
> either force them to use the IP address assigned by the AS5300 or deny them
> access. I use tacacs+ server to authenticate users.
>
> Any Idea ???
>
> Configuration:
>
> aaa new-model
> aaa authentication login default local group tacacs+
> aaa authentication ppp default if-needed local group tacacs+
> aaa authorization exec default local group tacacs+
> aaa authorization commands 1 default local group tacacs+
> aaa authorization commands 15 default local group tacacs+
> aaa authorization network default group tacacs+
> aaa accounting nested
> aaa accounting exec default start-stop group tacacs+
> aaa accounting commands 1 default start-stop group tacacs+
> aaa accounting commands 15 default start-stop group tacacs+
> aaa accounting network default start-stop group tacacs+
> aaa accounting connection default start-stop group tacacs+
> aaa accounting system default start-stop group tacacs+
>
> interface Group-Async0
> ip unnumbered Loopback0
> encapsulation ppp
> no ip mroute-cache
> dialer in-band
> dialer idle-timeout 900 either
> dialer-group 1
> autodetect encapsulation ppp
> async mode interactive
> peer default ip address pool default
> no cdp enable
> ppp authentication chap pap
> ppp chap hostname RacsA
> ppp multilink
>
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:24 EDT