[cisco-nas] PPPOE w/ Radius specified IP & subnet mask problems

Josh Duffek | Tredent joshd at tredent.com
Fri Jan 22 19:03:34 EST 2010


I guess you don't need the aaa authen debugs, and only really care about the
tail end of debug ppp nego (ncp and beyond)... but add "debug radius".  I
think the more debugs the better :)

jd.


On Fri, Jan 22, 2010 at 5:58 PM, Aaron Seelye <aseelye-lists at eltopia.com> wrote:

> Just was going to write back, authorization fixed the IP address portion.
>  Still working on the netmask problem though, it doesn't seem to be taking
> the value over radius like it does now for the IP itself. Regarding the
> debug, there's quite a bit there, should I look for/reply with something in
> particular?
>
> -Aaron
>
>
> On 1/22/2010 3:37 PM, Josh Duffek | Tredent wrote:
>
>> Ahh gotcha...
>>
>> It's been awhile since I've looked at this, but...shouldn't aaa
>> authorization local or radius be on?  I would do this:
>>
>> confi t
>> aaa authorization network default local
>> end
>> debug aaa authen
>> debug aaa author
>> debug ppp nego
>> debug ip peer
>>
>> and grab "sh ver | i IOS"...(just to make it small)
>>
>> ...And send that in, if the aaa author command doesn't fix it.  Aaron
>> can probably answer this better than I can :)
>>
>> Thanks,
>> Josh
>>
>>
>> On Fri, Jan 22, 2010 at 4:57 PM, Aaron Seelye <aseelye-lists at eltopia.com> wrote:
>>
>>    No, it's a westell dsl modem.  It's giving us problems, presumably
>>    because all of my servers are on the same /8, but I can ping
>>    google/yahoo/whatever IPs that fall outside the /8.
>>
>>    -Aaron
>>
>>
>>    On 1/22/2010 2:44 PM, Josh Duffek | Tredent wrote:
>>
>>        Is it Windows clients connecting to this?  If so read this:
>>
>>        http://www.cisco.com/en/US/tech/tk713/tk507/technologies_tech_note09186a0080093c77.shtml
>>
>>        The subnet mask shouldn't be an issue really...can you not route
>>        traffic over the link after it comes up?
>>
>>        jd.
>>
>>
>>        On Fri, Jan 22, 2010 at 4:26 PM, Aaron Seelye
>>        <aseelye-lists at eltopia.com> wrote:
>>
>>            Hello,
>>
>>            I have the following config, and for dynamic IP customers, it seems
>>            to be good so far (only testing one user, want to get the kinks
>>            worked out before fully implementing).  However, we have a problem
>>            in that the subnet mask that's being negotiated seems to be a /8
>>            (Old Class A default).  Also, if we specify the IP address in
>>            Radius, the Cisco seems to ignore that in the Access-Reply, and
>>            continue to assign the original address it'd intended from its pool.
>>            Any pointers would be greatly appreciated, as the "ppp ipcp mask
>>            255.255.255.255" seems to have no effect on the netmask negotiated,
>>            and no amount of dial turning has yielded results on the
>>            Radius-assigned IP issue.
>>
>>            TIA,
>>
>>            Aaron Seelye
>>
>>
>>
>>            aaa new-model
>>            aaa authentication login default line
>>            aaa authentication ppp default group radius
>>            aaa accounting network default start-stop group radius
>>
>>            vpdn enable
>>            !
>>            vpdn-group number
>>              accept-dialin
>>              protocol pppoe
>>              virtual-template 1
>>            !
>>            vc-class atm PPP7.1
>>              protocol pppoe
>>              ubr 7840
>>              no ilmi manage
>>              encapsulation aal5snap
>>            !
>>            interface ATM3/0.311 point-to-point
>>              description POVN
>>              pvc 3/11
>>              class-vc PPP7.1
>>            !
>>            interface Virtual-Template1
>>              ip unnumbered FastEthernet0/0
>>              ip mtu 1492
>>              peer default ip address pool pppoe146
>>              ppp authentication pap chap
>>              ppp ipcp mask 255.255.255.255
>>            !
>>            ip local pool pppoe146 192.168.146.1 192.168.146.254
>>            !
>>            radius-server host 192.168.131.3 auth-port 1645 acct-port 1646
>>            radius-server attribute 8 include-in-access-req
>>            radius-server attribute nas-port format d
>>            radius-server key 7 03035D13555B7248
>>
>>
>>
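
An added example, not part of the original thread or anyone's posted code: when a NAS appears to ignore a RADIUS-assigned address or mask, it helps to first confirm what the Access-Accept actually carries. The sketch below parses a RADIUS packet per RFC 2865 and reports Framed-IP-Address (attribute 8) and Framed-IP-Netmask (attribute 9). The function names are hypothetical, the sample packet is constructed (zeroed authenticator), and 192.168.146.50 is a made-up address inside the pool range from the posted config.

```python
import ipaddress
import struct

ACCESS_ACCEPT = 2
FRAMED_IP_ADDRESS = 8
FRAMED_IP_NETMASK = 9
# RFC 2865 section 5.8: special Framed-IP-Address values
SPECIAL = {0xFFFFFFFF: "user-negotiated", 0xFFFFFFFE: "nas-pool"}


def parse_attributes(packet):
    """Return (code, [(type, value), ...]); raise ValueError if malformed."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad length field")
    attrs, pos = [], 20
    while pos < length:  # bytes past the Length field are padding, ignored
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError(f"attribute {a_type} has bad length {a_len}")
        attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return code, attrs


def framed_ip_settings(packet):
    """Summarise what an Access-Accept tells the NAS about address and mask."""
    code, attrs = parse_attributes(packet)
    if code != ACCESS_ACCEPT:
        raise ValueError(f"not an Access-Accept (code {code})")
    out = {"address": None, "netmask": None}
    for a_type, value in attrs:
        if a_type in (FRAMED_IP_ADDRESS, FRAMED_IP_NETMASK) and len(value) != 4:
            raise ValueError(f"attribute {a_type} must carry 4 bytes")
        if a_type == FRAMED_IP_ADDRESS:
            raw = int.from_bytes(value, "big")
            out["address"] = SPECIAL.get(raw, str(ipaddress.IPv4Address(raw)))
        elif a_type == FRAMED_IP_NETMASK:
            out["netmask"] = str(ipaddress.IPv4Address(value))
    return out


# Constructed sample: Access-Accept, id 1, length 32, zeroed authenticator,
# Framed-IP-Address 192.168.146.50, Framed-IP-Netmask 255.255.255.255.
SAMPLE = bytes.fromhex("02010020" + "00" * 16 + "0806c0a89232" + "0906ffffffff")
```

If both values show up in the Access-Accept and the session still comes up with something else, the question moves to the NAS side, which is where the thread's `aaa authorization network` suggestion applies.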