I guess you don't need the aaa authen debugs, and only really care about the tail end of debug ppp nego (ncp and beyond)... but add "debug radius". I think the more debugs the better :)<br><br>jd.<br><br><br>
<div class="gmail_quote">On Fri, Jan 22, 2010 at 5:58 PM, Aaron Seelye <span dir="ltr"><<a href="mailto:aseelye-lists@eltopia.com">aseelye-lists@eltopia.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Just was going to write back, authorization fixed the IP address portion. Still working on the netmask problem though, it doesn't seem to be taking the value over radius like it does now for the IP itself. Regarding the debug, there's quite a bit there, should I look for/reply with something in particular?<br>
<br>
-Aaron<div class="im"><br>
<br>
On 1/22/2010 3:37 PM, Josh Duffek | Tredent wrote:<br>
</div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="im">
Ahh gotcha...<br>
<br>
It's been awhile since I've looked at this, but...shouldn't aaa<br>
authorization local or radius be on? I would do this:<br>
<br>
confi t<br>
aaa authorization network default local<br>
end<br>
debug aaa authen<br>
debug aaa author<br>
debug ppp nego<br>
debug ip peer<br>
<br>
and grab "sh ver | i IOS"...(just to make it small)<br>
<br>
...And send that in, if the aaa author command doesn't fix it. Aaron<br>
can probably answer this better than I can :)<br>
<br>
Thanks,<br>
Josh<br>
<br>
<br>
On Fri, Jan 22, 2010 at 4:57 PM, Aaron Seelye &lt;<a href="mailto:aseelye-lists@eltopia.com" target="_blank">aseelye-lists@eltopia.com</a>&gt; wrote:<br></div><div><div></div><div class="h5">
<br>
    No, it's a westell dsl modem. It's giving us problems, presumably<br>
    because all of my servers are on the same /8, but I can ping<br>
    google/yahoo/whatever IPs that fall outside the /8.<br>
<br>
    -Aaron<br>
<br>
<br>
    On 1/22/2010 2:44 PM, Josh Duffek | Tredent wrote:<br>
<br>
        Is it Windows clients connecting to this? If so read this:<br>
        <a href="http://www.cisco.com/en/US/tech/tk713/tk507/technologies_tech_note09186a0080093c77.shtml" target="_blank">http://www.cisco.com/en/US/tech/tk713/tk507/technologies_tech_note09186a0080093c77.shtml</a><br>
<br>
        The subnet mask shouldn't be an issue really...can you not route traffic<br>
        over the link after it comes up?<br>
<br>
        jd.<br>
<br>
<br>
        On Fri, Jan 22, 2010 at 4:26 PM, Aaron Seelye &lt;<a href="mailto:aseelye-lists@eltopia.com" target="_blank">aseelye-lists@eltopia.com</a>&gt; wrote:<br>
<br>
            Hello,<br>
<br>
            I have the following config, and for dynamic IP customers, it seems<br>
            to be good so far (only testing one user, want to get the kinks<br>
            worked out before fully implementing). However, we have a problem<br>
            in that the subnet mask that's being negotiated seems to be a /8<br>
            (Old Class A default). Also, if we specify the IP address in<br>
            Radius, the Cisco seems to ignore that in the Access-Reply, and<br>
            continue to assign the original address it'd intended from its pool.<br>
            Any pointers would be greatly appreciated, as the "ppp ipcp mask<br>
            255.255.255.255" seems to have no effect on the netmask negotiated,<br>
            and no amount of dial turning has yielded results on the<br>
            Radius-assigned IP issue.<br>
<br>
            TIA,<br>
<br>
            Aaron Seelye<br>
<br>
<br>
            aaa new-model<br>
            aaa authentication login default line<br>
            aaa authentication ppp default group radius<br>
            aaa accounting network default start-stop group radius<br>
<br>
            vpdn enable<br>
            !<br>
            vpdn-group number<br>
             accept-dialin<br>
             protocol pppoe<br>
             virtual-template 1<br>
            !<br>
            vc-class atm PPP7.1<br>
             protocol pppoe<br>
             ubr 7840<br>
             no ilmi manage<br>
             encapsulation aal5snap<br>
            !<br>
            interface ATM3/0.311 point-to-point<br>
             description POVN<br>
             pvc 3/11<br>
             class-vc PPP7.1<br>
            !<br>
            interface Virtual-Template1<br>
             ip unnumbered FastEthernet0/0<br>
             ip mtu 1492<br>
             peer default ip address pool pppoe146<br>
             ppp authentication pap chap<br>
             ppp ipcp mask 255.255.255.255<br>
            !<br>
            ip local pool pppoe146 192.168.146.1 192.168.146.254<br>
            !<br>
            radius-server host 192.168.131.3 auth-port 1645 acct-port 1646<br>
            radius-server attribute 8 include-in-access-req<br>
            radius-server attribute nas-port format d<br>
            radius-server key 7 03035D13555B7248<br>
<br>
<br>
            _______________________________________________<br>
            cisco-nas mailing list<br>
            <a href="mailto:cisco-nas@puck.nether.net" target="_blank">cisco-nas@puck.nether.net</a><br>
            <a href="https://puck.nether.net/mailman/listinfo/cisco-nas" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-nas</a><br>
</div></div><div class="im">
<br>
</div></blockquote>
</blockquote></div><br><br>
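The fix reported in this thread (the RADIUS-assigned address was ignored until network authorization was enabled) can be checked for in a saved configuration. The following is an added example, not part of any post in the thread: the function name `audit_ppp_aaa`, the finding codes and the trimmed sample config are assumptions made for illustration, and the check treats any `aaa authorization network` list as sufficient, which is all the thread reports.

```python
import re

# Constructed sample: AAA and Virtual-Template lines copied from the config
# quoted in the thread (no 'aaa authorization network' line is present).
THREAD_CONFIG = """\
aaa new-model
aaa authentication login default line
aaa authentication ppp default group radius
aaa accounting network default start-stop group radius
!
interface Virtual-Template1
 ip unnumbered FastEthernet0/0
 peer default ip address pool pppoe146
 ppp authentication pap chap
 ppp ipcp mask 255.255.255.255
!
ip local pool pppoe146 192.168.146.1 192.168.146.254
"""

def audit_ppp_aaa(config):
    """Return (code, detail) findings for PPP/RADIUS setups lacking network authorization."""
    lines = [line.strip() for line in config.splitlines()]
    # PPP authentication lists that send the request to RADIUS.
    radius_auth = [l for l in lines
                   if re.match(r"aaa authentication ppp \S+ .*\bgroup radius\b", l)]
    # Any network authorization list; the thread reports that adding one
    # made the router honour the RADIUS-assigned address (assumption: the
    # method list itself is not validated here).
    net_author = [l for l in lines if l.startswith("aaa authorization network ")]
    # Interfaces that address the peer from a local pool.
    pools = [m.group(1) for l in lines
             if (m := re.match(r"peer default ip address pool (\S+)", l))]
    findings = []
    if radius_auth and not net_author:
        findings.append(("NO_NETWORK_AUTHORIZATION",
                         "PPP users authenticate via RADIUS but no "
                         "'aaa authorization network' list is configured"))
        for pool in pools:
            findings.append(("POOL_OVERRIDES_RADIUS",
                             f"peers keep being addressed from local pool '{pool}'"))
    return findings

if __name__ == "__main__":
    for code, detail in audit_ppp_aaa(THREAD_CONFIG):
        print(f"{code}: {detail}")
```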