[cisco-nas] PPPOE w/ Radius specified IP & subnet mask problems

Josh Duffek | Tredent joshd at tredent.com
Fri Jan 22 18:37:08 EST 2010 

Ahh gotcha...

It's been awhile since I've looked at this, but...shouldn't aaa
authorization local or radius be on?  I would do this:

confi t
aaa authorization network default local
end
debug aaa authen
debug aaa author
debug ppp nego
debug ip peer

and grab "sh ver | i IOS"...(just to make it small)

...And send that in, if the aaa author command doesn't fix it.  Aaron can
probably answer this better then I can :)

Thanks,
Josh


On Fri, Jan 22, 2010 at 4:57 PM, Aaron Seelye <aseelye-lists at eltopia.com>wrote:

> No, it's a westell dsl modem.  It's giving us problems, presumably because
> all of my servers are on the same /8, but I can ping google/yahoo/whatever
> IPs that fall outside the /8.
>
> -Aaron
>
>
> On 1/22/2010 2:44 PM, Josh Duffek | Tredent wrote:
>
>> Is it window clients connecting to this?  If so read this:
>>
>> http://www.cisco.com/en/US/tech/tk713/tk507/technologies_tech_note09186a0080093c77.shtml
>>
>> The subnet mask shouldn't be an issue really...can you not route traffic
>> over the link after it comes up?
>>
>> jd.
>>
>>
>> On Fri, Jan 22, 2010 at 4:26 PM, Aaron Seelye <aseelye-lists at eltopia.com
>> <mailto:aseelye-lists at eltopia.com>> wrote:
>>
>>    Hello,
>>
>>    I have the following config, and for dynamic IP customers, it seems
>>    to be good so far (only testing one user, want to get the kinks
>>    worked out before fully implementing).  However, we have a problem
>>    in that the subnet mask that's being negotiated seems to be a /8
>>    (Old Class A default).  Also, if we specify the IP address in
>>    Radius, the Cisco seems to ignore that in the Access-Reply, and
>>    continue to assign the original address it'd intended from its pool.
>>      Any pointers would be greatly appreciated, as the "ppp ipcp mask
>>    255.255.255.255" seems to have no effect on the netmask negotiated,
>>    and no amount of dial turning has yielded results on the
>>    Radius-assigned IP issue.
>>
>>    TIA,
>>
>>    Aaron Seelye
>>
>>
>>
>>    aaa new-model
>>    aaa authentication login default line
>>    aaa authentication ppp default group radius
>>    aaa accounting network default start-stop group radius
>>
>>    vpdn enable
>>    !
>>    vpdn-group number
>>      accept-dialin
>>      protocol pppoe
>>      virtual-template 1
>>    !
>>    vc-class atm PPP7.1
>>      protocol pppoe
>>      ubr 7840
>>      no ilmi manage
>>      encapsulation aal5snap
>>    !
>>    interface ATM3/0.311 point-to-point
>>      description POVN
>>      pvc 3/11
>>      class-vc PPP7.1
>>    !
>>    interface Virtual-Template1
>>      ip unnumbered FastEthernet0/0
>>      ip mtu 1492
>>      peer default ip address pool pppoe146
>>      ppp authentication pap chap
>>      ppp ipcp mask 255.255.255.255
>>    !
>>    ip local pool pppoe146 192.168.146.1 192.168.146.254
>>    !
>>    radius-server host 192.168.131.3 auth-port 1645 acct-port 1646
>>    radius-server attribute 8 include-in-access-req
>>    radius-server attribute nas-port format d
>>    radius-server key 7 03035D13555B7248
>>
>>
>>    _______________________________________________
>>    cisco-nas mailing list
>>    cisco-nas at puck.nether.net <mailto:cisco-nas at puck.nether.net>
>>
>>    https://puck.nether.net/mailman/listinfo/cisco-nas
>>
>>
>>
>>
>>
>>
>>
>>
>> No virus found in this incoming message.
>> Checked by AVG - www.avg.com
>> Version: 9.0.730 / Virus Database: 271.1.1/2638 - Release Date: 01/21/10
>> 23:34:00
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-nas/attachments/20100122/d5557737/attachment.html>

More information about the cisco-nas mailing list