Ahh gotcha...<br><br>It's been awhile since I've looked at this, but...shouldn't aaa authorization local or radius be on? I would do this:<br><br>confi t<br>aaa authorization network default local <br>end<br>debug aaa authen<br>
debug aaa author<br>debug ppp nego<br>debug ip peer<br><br>and grab "sh ver | i IOS"...(just to make it small)<br><br>...And send that in, if the aaa author command doesn't fix it. Aaron can probably answer this better then I can :)<br>
<br>Thanks,<br>Josh<br><br><br><div class="gmail_quote">On Fri, Jan 22, 2010 at 4:57 PM, Aaron Seelye <span dir="ltr"><<a href="mailto:aseelye-lists@eltopia.com">aseelye-lists@eltopia.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
No, it's a westell dsl modem. It's giving us problems, presumably because all of my servers are on the same /8, but I can ping google/yahoo/whatever IPs that fall outside the /8.<br>
<br>
-Aaron<div class="im"><br>
<br>
On 1/22/2010 2:44 PM, Josh Duffek | Tredent wrote:<br>
</div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="im">
Is it window clients connecting to this? If so read this:<br>
<a href="http://www.cisco.com/en/US/tech/tk713/tk507/technologies_tech_note09186a0080093c77.shtml" target="_blank">http://www.cisco.com/en/US/tech/tk713/tk507/technologies_tech_note09186a0080093c77.shtml</a><br>
<br>
The subnet mask shouldn't be an issue really...can you not route traffic<br>
over the link after it comes up?<br>
<br>
jd.<br>
<br>
<br>
On Fri, Jan 22, 2010 at 4:26 PM, Aaron Seelye <<a href="mailto:aseelye-lists@eltopia.com" target="_blank">aseelye-lists@eltopia.com</a><br></div><div><div></div><div class="h5">
<mailto:<a href="mailto:aseelye-lists@eltopia.com" target="_blank">aseelye-lists@eltopia.com</a>>> wrote:<br>
<br>
Hello,<br>
<br>
I have the following config, and for dynamic IP customers, it seems<br>
to be good so far (only testing one user, want to get the kinks<br>
worked out before fully implementing). However, we have a problem<br>
in that the subnet mask that's being negotiated seems to be a /8<br>
(Old Class A default). Also, if we specify the IP address in<br>
Radius, the Cisco seems to ignore that in the Access-Reply, and<br>
continue to assign the original address it'd intended from its pool.<br>
Any pointers would be greatly appreciated, as the "ppp ipcp mask<br>
255.255.255.255" seems to have no effect on the netmask negotiated,<br>
and no amount of dial turning has yielded results on the<br>
Radius-assigned IP issue.<br>
<br>
TIA,<br>
<br>
Aaron Seelye<br>
<br>
<br>
<br>
aaa new-model<br>
aaa authentication login default line<br>
aaa authentication ppp default group radius<br>
aaa accounting network default start-stop group radius<br>
<br>
vpdn enable<br>
!<br>
vpdn-group number<br>
accept-dialin<br>
protocol pppoe<br>
virtual-template 1<br>
!<br>
vc-class atm PPP7.1<br>
protocol pppoe<br>
ubr 7840<br>
no ilmi manage<br>
encapsulation aal5snap<br>
!<br>
interface ATM3/0.311 point-to-point<br>
description POVN<br>
pvc 3/11<br>
class-vc PPP7.1<br>
!<br>
interface Virtual-Template1<br>
ip unnumbered FastEthernet0/0<br>
ip mtu 1492<br>
peer default ip address pool pppoe146<br>
ppp authentication pap chap<br>
ppp ipcp mask 255.255.255.255<br>
!<br>
ip local pool pppoe146 192.168.146.1 192.168.146.254<br>
!<br>
radius-server host 192.168.131.3 auth-port 1645 acct-port 1646<br>
radius-server attribute 8 include-in-access-req<br>
radius-server attribute nas-port format d<br>
radius-server key 7 03035D13555B7248<br>
<br>
<br>
_______________________________________________<br>
cisco-nas mailing list<br></div></div>
<a href="mailto:cisco-nas@puck.nether.net" target="_blank">cisco-nas@puck.nether.net</a> <mailto:<a href="mailto:cisco-nas@puck.nether.net" target="_blank">cisco-nas@puck.nether.net</a>><div class="im"><br>
<a href="https://puck.nether.net/mailman/listinfo/cisco-nas" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-nas</a><br>
<br>
<br>
<br>
<br></div>
<br>
<br>
<br>
<br>
No virus found in this incoming message.<br>
Checked by AVG - <a href="http://www.avg.com" target="_blank">www.avg.com</a><br>
Version: 9.0.730 / Virus Database: 271.1.1/2638 - Release Date: 01/21/10 23:34:00<br>
<br>
</blockquote>
</blockquote></div><br><br>