[cisco-nas] multiple ip pool on the same nas
Oliver Boehmer (oboehmer)
oboehmer at cisco.com
Mon Mar 8 09:37:59 EST 2004
> Can I use one local pool for users and and another local pool for a
> specific user?
well, of course, just define two pools and then include
cisco-avpair = "ip:addr-pool=GUESTPOOL"
to your guest's profile and a different pool to your regular users. or
do you mean s/th different?
> guest users are granted specific services such as viewing only our
> home page and nothing else.
> an access-list will be applied to the second pool.
But if you're only concerned about resticting access, you can also apply
per-user access-list via radius:
cisco-pavpair = "ip:inacl#1=permit tcp any host x.x.x.x eq 80",
cisco-pavpair = "ip:inacl#2=permit udp any any eq 53"
Tx,
oli
>
> Rivo.
>
> At 15:07 08/03/04 +0100, you wrote:
> > > I use a radius server for aaa, is there a way to assign a specific
> > > user, eg guest an IP address not from the local pool nor from
> > > radius server?
> >
> > Hmm, I'm not sure I understand your question. You want to assign a
> > specific IP, but don't want to use radius nor local pools? Not sure
> > what you mean..
> >
> > oli
> >
> > >
> > >
> > > At 06:58 04/03/04 +0100, you wrote:
> > > > >
> > > > > How can I use 2 different ip pool on an as5300?
> > > >
> > > > ip local pool POOL-A <start-ip> <end-ip>
> > > > ip local pool POOL-B <start-ip> <end-ip>
> > > >
> > > > and then assign the appropriate pool by name using Radius
> > > > (cisco-avpair = "ip:addr-pool=POOL-A") or via interface config
> > > > on vtemplate, group-async, etc. ("peer default ip address pool
> > > > POOL-A")
> > > >
> > > > oli
More information about the cisco-nas
mailing list