[cisco-nas] Virtaul-profile feature Set

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Mon Mar 7 10:58:24 EST 2005 

Ahmad Cheikh Moussa <mailto:acm at netuse.de> wrote on Monday, March 07, 2005 4:19 PM:

> it is not really a problem. It's a matter of nat.
> I have configured "ip nat inside" only on the dialer Interface
> and on the virtual-interface. As the user gets no virtual-interface,
> the router use the Pri Interface. The "ip nat inside" Feature is not
> configured on the Pri interface and therefore the user wasn't natted.
> As I configured on the Pysical interface "ip nat inside" the user was
> properly natted. Normally I don't wanna configure any ip options on
> an Physical Interface and therefore it is for me a problem.
> 
> Any ideas, how to solve that ?

"no virtual-profile if-needed" doesn't work?

	oli

> 
> Oliver Boehmer (oboehmer) wrote:
>> 
>> 
>>> I have a dialin user, which do not get an virtual
>>> interface. The radius config is relatively easy:
>>> 
>>> user01     Auth-Type:= Local, User-Password == "****""
>>>         Service-Type = Framed-User,
>>>         Framed-Protocol = PPP,
>>>         cisco-avpair += "ip:addr-pool=POOL_NETYOU_RFC",        
>>> Framed-Routing = None 
>>> 
>>> Any ideas, why this user get no virtual-interface ?
>>> Wiht 12.2 there was no problems.
>> 
>> 
>> Apart from the fact that the user is terminated on the physical
>> line, is there a problem? Can't check right now, but we shouldn't
>> need an vaccess for this specific user. Is this an ISDN or
>> Modem/async user? remove the "virtual-profile if-needed" and you'll
>> get a vaccess for every call..   
>> 
>> 	oli
>> 
>> 
>>>> Ahmad,
>>>> 
>>>> 
>>>> 
>>>>> I want to configure virtual profiles. These profiles
>>>>> shoul be used, when they are needed.
>>>>> Normally the configuration should look like this :
>>>>> 
>>>>> virtual-profile if-needed
>>>>> virtual-profile virtual-template 1
>>>>> virtual-profile aaa
>>>>> 
>>>>> Since my update from 12.2 to 12.3(T) the line
>>>>> "virtual-profile aaa" is away.
>>>>> 
>>>>> Any ideas, why this happen?
>>>>> Is this command not supported with IP Plus ?
>>>>> Is there a new way to configure this option ?
>>>> 
>>>> 
>>>> This command is obsolete, you don't need it anymore. IOS
>>>> automatically uses a vaccess when it sees per-user attributes in
>>>> the AAA response.. 
>>>> 
>>>> 	oli
>>> 
>>> 
>>> --
>>> Ahmad Cheikh-Moussa
>>> NetUSE AG
>>> Dr.-Hell-Straße, 24107 Kiel, Germany
>>> Telefon: +49 431 2390 400 --  Telefax: +49 431 2390 499
>>> Service: Service at NetUSE.DE --  http://NetUSE.DE
>> 
>> /
> 
> 
> --
> Ahmad Cheikh-Moussa
> NetUSE AG
> Dr.-Hell-Straße, 24107 Kiel, Germany
> Telefon: +49 431 2390 400 --  Telefax: +49 431 2390 499
> Service: Service at NetUSE.DE --  http://NetUSE.DE/

More information about the cisco-nas mailing list