[cisco-nas] AAA: Filtering assigned IP adresses
Oliver Boehmer (oboehmer)
oboehmer at cisco.com
Wed Mar 24 12:46:20 EST 2004
> we have some NAS (and some LNS) where users receive static IP
> adresses via RADIUS, like
>
> Framed-IP-Address = 62.210.1.1
> Framed-IP-Netmask = 255.255.255.240
>
> but sometimes the RADIUS provisioning fails and we have
>
> Framed-IP-Address = 62.210.1.1
> Framed-IP-Netmask = 0.0.0.0 (!!!)
>
> which leads to a virtual-access interface which acts as a default
> route and receives all trafic.
>
> Is there a way to configure the NAS to refuse adresses assignments of
> this kind ? I would like to find some fool proof config in the NAS to
> prevent that kind of problems.
I don't know of any way to filter the *contents* of an attribute in IOS. So far we can only filter complete attributes.
There might even be customers using framed-netmask 0.0.0.0 on purpose, so just filtering out this assignment would possibly break existing configs. not sure...
oli
More information about the cisco-nas
mailing list