[cisco-nas] PPPOE w/ Radius specified IP & subnet mask problems

Aaron Seelye aseelye-lists at eltopia.com
Fri Jan 22 18:58:26 EST 2010 

Just was going to write back, authorization fixed the IP address 
portion.  Still working on the netmask problem though, it doesn't seem 
to be taking the value over radius like it does now for the IP itself. 
Regarding the debug, there's quite a bit there, should I look for/reply 
with something in particular?

-Aaron

On 1/22/2010 3:37 PM, Josh Duffek | Tredent wrote:
> Ahh gotcha...
>
> It's been awhile since I've looked at this, but...shouldn't aaa
> authorization local or radius be on?  I would do this:
>
> confi t
> aaa authorization network default local
> end
> debug aaa authen
> debug aaa author
> debug ppp nego
> debug ip peer
>
> and grab "sh ver | i IOS"...(just to make it small)
>
> ...And send that in, if the aaa author command doesn't fix it.  Aaron
> can probably answer this better then I can :)
>
> Thanks,
> Josh
>
>
> On Fri, Jan 22, 2010 at 4:57 PM, Aaron Seelye <aseelye-lists at eltopia.com
> <mailto:aseelye-lists at eltopia.com>> wrote:
>
>     No, it's a westell dsl modem.  It's giving us problems, presumably
>     because all of my servers are on the same /8, but I can ping
>     google/yahoo/whatever IPs that fall outside the /8.
>
>     -Aaron
>
>
>     On 1/22/2010 2:44 PM, Josh Duffek | Tredent wrote:
>
>         Is it window clients connecting to this?  If so read this:
>         http://www.cisco.com/en/US/tech/tk713/tk507/technologies_tech_note09186a0080093c77.shtml
>
>         The subnet mask shouldn't be an issue really...can you not route
>         traffic
>         over the link after it comes up?
>
>         jd.
>
>
>         On Fri, Jan 22, 2010 at 4:26 PM, Aaron Seelye
>         <aseelye-lists at eltopia.com <mailto:aseelye-lists at eltopia.com>
>         <mailto:aseelye-lists at eltopia.com
>         <mailto:aseelye-lists at eltopia.com>>> wrote:
>
>             Hello,
>
>             I have the following config, and for dynamic IP customers,
>         it seems
>             to be good so far (only testing one user, want to get the kinks
>             worked out before fully implementing).  However, we have a
>         problem
>             in that the subnet mask that's being negotiated seems to be a /8
>             (Old Class A default).  Also, if we specify the IP address in
>             Radius, the Cisco seems to ignore that in the Access-Reply, and
>             continue to assign the original address it'd intended from
>         its pool.
>               Any pointers would be greatly appreciated, as the "ppp
>         ipcp mask
>             255.255.255.255" seems to have no effect on the netmask
>         negotiated,
>             and no amount of dial turning has yielded results on the
>             Radius-assigned IP issue.
>
>             TIA,
>
>             Aaron Seelye
>
>
>
>             aaa new-model
>             aaa authentication login default line
>             aaa authentication ppp default group radius
>             aaa accounting network default start-stop group radius
>
>             vpdn enable
>             !
>             vpdn-group number
>               accept-dialin
>               protocol pppoe
>               virtual-template 1
>             !
>             vc-class atm PPP7.1
>               protocol pppoe
>               ubr 7840
>               no ilmi manage
>               encapsulation aal5snap
>             !
>             interface ATM3/0.311 point-to-point
>               description POVN
>               pvc 3/11
>               class-vc PPP7.1
>             !
>             interface Virtual-Template1
>               ip unnumbered FastEthernet0/0
>               ip mtu 1492
>               peer default ip address pool pppoe146
>               ppp authentication pap chap
>               ppp ipcp mask 255.255.255.255
>             !
>             ip local pool pppoe146 192.168.146.1 192.168.146.254
>             !
>             radius-server host 192.168.131.3 auth-port 1645 acct-port 1646
>             radius-server attribute 8 include-in-access-req
>             radius-server attribute nas-port format d
>             radius-server key 7 03035D13555B7248
>
>
>             _______________________________________________
>             cisco-nas mailing list
>         cisco-nas at puck.nether.net <mailto:cisco-nas at puck.nether.net>
>         <mailto:cisco-nas at puck.nether.net
>         <mailto:cisco-nas at puck.nether.net>>
>
>         https://puck.nether.net/mailman/listinfo/cisco-nas
>
>
>
>
>
>
>
>
>         No virus found in this incoming message.
>         Checked by AVG - www.avg.com <http://www.avg.com>
>         Version: 9.0.730 / Virus Database: 271.1.1/2638 - Release Date:
>         01/21/10 23:34:00
>
>
>
>
>
>
> No virus found in this incoming message.
> Checked by AVG - www.avg.com
> Version: 9.0.730 / Virus Database: 271.1.1/2638 - Release Date: 01/21/10 23:34:00
>

More information about the cisco-nas mailing list