[cisco-nas] Virtaul-profile feature Set

Ahmad Cheikh Moussa acm at netuse.de
Mon Mar 7 10:19:12 EST 2005 

Hi Oliver,

it is not really a problem. It's a matter of nat.
I have configured "ip nat inside" only on the dialer Interface
and on the virtual-interface. As the user gets no virtual-interface,
the router use the Pri Interface. The "ip nat inside" Feature is not
configured on the Pri interface and therefore the user wasn't natted.
As I configured on the Pysical interface "ip nat inside" the user was
properly natted. Normally I don't wanna configure any ip options on
an Physical Interface and therefore it is for me a problem.

Any ideas, how to solve that ?

Regards,
  Ahmad

Oliver Boehmer (oboehmer) wrote:
>  
> 
>>I have a dialin user, which do not get an virtual
>>interface. The radius config is relatively easy:
>>
>>user01     Auth-Type:= Local, User-Password == "****""
>>         Service-Type = Framed-User,
>>         Framed-Protocol = PPP,
>>         cisco-avpair += "ip:addr-pool=POOL_NETYOU_RFC",
>>         Framed-Routing = None
>>
>>Any ideas, why this user get no virtual-interface ?
>>Wiht 12.2 there was no problems.
> 
> 
> Apart from the fact that the user is terminated on the physical line, is there a problem? Can't check right now, but we shouldn't need an vaccess for this specific user. Is this an ISDN or Modem/async user?
> remove the "virtual-profile if-needed" and you'll get a vaccess for every call..
> 
> 	oli
> 
> 
>>>Ahmad,
>>>
>>>
>>>
>>>>I want to configure virtual profiles. These profiles
>>>>shoul be used, when they are needed.
>>>>Normally the configuration should look like this :
>>>>
>>>>virtual-profile if-needed
>>>>virtual-profile virtual-template 1
>>>>virtual-profile aaa
>>>>
>>>>Since my update from 12.2 to 12.3(T) the line
>>>>"virtual-profile aaa" is away.
>>>>
>>>>Any ideas, why this happen?
>>>>Is this command not supported with IP Plus ?
>>>>Is there a new way to configure this option ?
>>>
>>>
>>>This command is obsolete, you don't need it anymore. IOS
>>>automatically uses a vaccess when it sees per-user attributes in the
>>>AAA response.. 
>>>
>>>	oli
>>
>>
>>--
>>Ahmad Cheikh-Moussa
>>NetUSE AG
>>Dr.-Hell-Straße, 24107 Kiel, Germany
>>Telefon: +49 431 2390 400 --  Telefax: +49 431 2390 499
>>Service: Service at NetUSE.DE --  http://NetUSE.DE
> 
> /


-- 
Ahmad Cheikh-Moussa
NetUSE AG
Dr.-Hell-Straße, 24107 Kiel, Germany
Telefon: +49 431 2390 400 --  Telefax: +49 431 2390 499
Service: Service at NetUSE.DE --  http://NetUSE.DE/

More information about the cisco-nas mailing list