I guess you don't need the aaa authen debugs, and only really care about the tail end of debug ppp nego(ncp and beyond)....but add "debug radius". I think the more debugs the better :)<br><br>jd.<br><br><br>
<div class="gmail_quote">On Fri, Jan 22, 2010 at 5:58 PM, Aaron Seelye <span dir="ltr"><<a href="mailto:aseelye-lists@eltopia.com">aseelye-lists@eltopia.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Just was going to write back, authorization fixed the IP address portion. Still working on the netmask problem though, it doesn't seem to be taking the value over radius like it does now for the IP itself. Regarding the debug, there's quite a bit there, should I look for/reply with something in particular?<br>
<br>
-Aaron<div class="im"><br>
<br>
On 1/22/2010 3:37 PM, Josh Duffek | Tredent wrote:<br>
</div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="im">
Ahh gotcha...<br>
<br>
It's been awhile since I've looked at this, but...shouldn't aaa<br>
authorization local or radius be on? I would do this:<br>
<br>
confi t<br>
aaa authorization network default local<br>
end<br>
debug aaa authen<br>
debug aaa author<br>
debug ppp nego<br>
debug ip peer<br>
<br>
and grab "sh ver | i IOS"...(just to make it small)<br>
<br>
...And send that in, if the aaa author command doesn't fix it. Aaron<br>
can probably answer this better then I can :)<br>
<br>
Thanks,<br>
Josh<br>
<br>
<br>
On Fri, Jan 22, 2010 at 4:57 PM, Aaron Seelye <<a href="mailto:aseelye-lists@eltopia.com" target="_blank">aseelye-lists@eltopia.com</a><br></div><div><div></div><div class="h5">
<mailto:<a href="mailto:aseelye-lists@eltopia.com" target="_blank">aseelye-lists@eltopia.com</a>>> wrote:<br>
<br>
No, it's a westell dsl modem. It's giving us problems, presumably<br>
because all of my servers are on the same /8, but I can ping<br>
google/yahoo/whatever IPs that fall outside the /8.<br>
<br>
-Aaron<br>
<br>
<br>
On 1/22/2010 2:44 PM, Josh Duffek | Tredent wrote:<br>
<br>
Is it window clients connecting to this? If so read this:<br>
<a href="http://www.cisco.com/en/US/tech/tk713/tk507/technologies_tech_note09186a0080093c77.shtml" target="_blank">http://www.cisco.com/en/US/tech/tk713/tk507/technologies_tech_note09186a0080093c77.shtml</a><br>
<br>
The subnet mask shouldn't be an issue really...can you not route<br>
traffic<br>
over the link after it comes up?<br>
<br>
jd.<br>
<br>
<br>
On Fri, Jan 22, 2010 at 4:26 PM, Aaron Seelye<br>
<<a href="mailto:aseelye-lists@eltopia.com" target="_blank">aseelye-lists@eltopia.com</a> <mailto:<a href="mailto:aseelye-lists@eltopia.com" target="_blank">aseelye-lists@eltopia.com</a>><br>
<mailto:<a href="mailto:aseelye-lists@eltopia.com" target="_blank">aseelye-lists@eltopia.com</a><br>
<mailto:<a href="mailto:aseelye-lists@eltopia.com" target="_blank">aseelye-lists@eltopia.com</a>>>> wrote:<br>
<br>
Hello,<br>
<br>
I have the following config, and for dynamic IP customers,<br>
it seems<br>
to be good so far (only testing one user, want to get the kinks<br>
worked out before fully implementing). However, we have a<br>
problem<br>
in that the subnet mask that's being negotiated seems to be a /8<br>
(Old Class A default). Also, if we specify the IP address in<br>
Radius, the Cisco seems to ignore that in the Access-Reply, and<br>
continue to assign the original address it'd intended from<br>
its pool.<br>
Any pointers would be greatly appreciated, as the "ppp<br>
ipcp mask<br>
255.255.255.255" seems to have no effect on the netmask<br>
negotiated,<br>
and no amount of dial turning has yielded results on the<br>
Radius-assigned IP issue.<br>
<br>
TIA,<br>
<br>
Aaron Seelye<br>
<br>
<br>
<br>
aaa new-model<br>
aaa authentication login default line<br>
aaa authentication ppp default group radius<br>
aaa accounting network default start-stop group radius<br>
<br>
vpdn enable<br>
!<br>
vpdn-group number<br>
accept-dialin<br>
protocol pppoe<br>
virtual-template 1<br>
!<br>
vc-class atm PPP7.1<br>
protocol pppoe<br>
ubr 7840<br>
no ilmi manage<br>
encapsulation aal5snap<br>
!<br>
interface ATM3/0.311 point-to-point<br>
description POVN<br>
pvc 3/11<br>
class-vc PPP7.1<br>
!<br>
interface Virtual-Template1<br>
ip unnumbered FastEthernet0/0<br>
ip mtu 1492<br>
peer default ip address pool pppoe146<br>
ppp authentication pap chap<br>
ppp ipcp mask 255.255.255.255<br>
!<br>
ip local pool pppoe146 192.168.146.1 192.168.146.254<br>
!<br>
radius-server host 192.168.131.3 auth-port 1645 acct-port 1646<br>
radius-server attribute 8 include-in-access-req<br>
radius-server attribute nas-port format d<br>
radius-server key 7 03035D13555B7248<br>
<br>
<br>
_______________________________________________<br>
cisco-nas mailing list<br>
<a href="mailto:cisco-nas@puck.nether.net" target="_blank">cisco-nas@puck.nether.net</a> <mailto:<a href="mailto:cisco-nas@puck.nether.net" target="_blank">cisco-nas@puck.nether.net</a>><br>
<mailto:<a href="mailto:cisco-nas@puck.nether.net" target="_blank">cisco-nas@puck.nether.net</a><br>
<mailto:<a href="mailto:cisco-nas@puck.nether.net" target="_blank">cisco-nas@puck.nether.net</a>>><br>
<br>
<a href="https://puck.nether.net/mailman/listinfo/cisco-nas" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-nas</a><br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
No virus found in this incoming message.<br></div></div>
Checked by AVG - <a href="http://www.avg.com" target="_blank">www.avg.com</a> <<a href="http://www.avg.com" target="_blank">http://www.avg.com</a>><div class="im"><br>
Version: 9.0.730 / Virus Database: 271.1.1/2638 - Release Date:<br>
01/21/10 23:34:00<br>
<br>
<br>
<br>
<br>
<br>
<br>
No virus found in this incoming message.<br>
Checked by AVG - <a href="http://www.avg.com" target="_blank">www.avg.com</a><br>
Version: 9.0.730 / Virus Database: 271.1.1/2638 - Release Date: 01/21/10 23:34:00<br>
<br>
</div></blockquote>
</blockquote></div><br><br>