[nsp] Assign multiple Static IP addresses via Cisco AVPairs to Dialup connection (Was: Provide routable IP over dynamic assigned remotelink)

Dave [Hawk-Systems] dave at hawk-systems.com
Tue Dec 17 09:12:48 EST 2002


Anyone else able to comment on this thread?

Assigning multiple routable IP addresses to a dialup analog or digital
connection...
(using non-routable IP block for demonstration only)

>> >> Assuming that is doable (from a RADIUS perspective it isn't difficult), how
>> >> would we assign multiple IP addresses if the client needed it.
>> >
>> >Doing this from RADIUS, you would add in Framed-Route (attrib 22)
>> >as needed.  For example, let's say that your client gets the
>> >IP address 10.0.0.1 and the subnet 10.0.0.0/29.  Then you
>> >would give him a Framed-IP-Address of 10.0.0.1 and a
>> >Framed-Route of (if I have this right) "10.0.0.0/29 10.0.0.1".
>> >This should dynamically install a temporary static route
>> >on the NAS as needed.
>
>> Lost me a bit here...
>
>> 	Framed-IP-Address = 10.0.0.190
>> 	Framed-IP-Netmask = 255.255.255.254
>
>> would assign 2 addresses, 10.0.0.190 and 10.0.0.191 correct?
>
>Might work!
>
>The way I'd put this rather than "assign 2 addresses" is:
>Framed-IP-Address assigns the address (i.e. the IPCP peer's
>address.)  Framed-IP-Netmask determines the route that will
>be installed in our routing table when IPCP comes up.  However
>I don't know whether Framed-IP-Netmask will also have the
>effect of taking 10.0.0.191 out of the RADIUS address pool.
>
>The reason why I mentioned Framed-Route instead is that
>it seems clearer and more general to me.
>
>> ...and (staying in our "ip local pool default 10.0.0.1 10.0.0.192")
>
>> 	Framed-IP-Address = 10.0.0.188
>> 	Framed-IP-Netmask = 255.255.255.252
>
>> would assign 4 addresses, 10.0.0.188 through .191 to the user interface correct?
>
>> Does the Framed-Routing avoid having to use two of the IPs for Address and
>> Broadcast and just assign both to the interface with the same broadcast as the
>> rest of the NAS?
>
>Um, that's a bit of a complicated topic.  I think it's possible
>to hand out two addresses to a remote client rather than wasting
>an address for the subnet and another for the directed broadcast,
>but this might hinge on things like the client not knowing what
>its mask "really" is, and having directed broadcasts enabled on
>the central site and who knows what.  As far as I'm concerned,
>you can always use host routes to provide the route granularity
>you want, although of course there's scalability to worry about.
>
>> Little beyond my routing knowledge with this.
>
>> Dave
>
>I'm at the limit of my routing (and RADIUS!) knowledge here, too.
>Perhaps someone with some actual experience will chime in here.

Thanks for the input.  Anyone have experience, information, or live config doing
this who can shed some light?

Appreciated,

Dave
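
The address arithmetic discussed in the thread above, as an added example that is not part of the original post: it computes the route implied by each Framed-IP-Address/Framed-IP-Netmask pair or Framed-Route string and lists the other addresses in the thread's "ip local pool default 10.0.0.1 10.0.0.192" that the route covers, which is the overlap the reply is unsure the NAS removes from the pool on its own. The function names are hypothetical, and the Framed-Route parsing assumes only the "prefix gateway" form quoted in the thread.

```python
import ipaddress

# Pool from the thread: "ip local pool default 10.0.0.1 10.0.0.192"
POOL = ("10.0.0.1", "10.0.0.192")

def framed_route(framed_ip, framed_netmask):
    """Route implied by a Framed-IP-Address / Framed-IP-Netmask pair."""
    # strict=False: the peer address may have host bits set (e.g. .190 in a /31)
    return ipaddress.ip_network(f"{framed_ip}/{framed_netmask}", strict=False)

def parse_framed_route(value):
    """Split a Framed-Route string of the form 'prefix gateway' (assumed form)."""
    fields = value.split()
    if len(fields) < 2:
        raise ValueError(f"expected 'prefix gateway', got {value!r}")
    # strict=True: a route prefix with host bits set is a configuration error
    return ipaddress.ip_network(fields[0], strict=True), ipaddress.ip_address(fields[1])

def pool_overlap(route, peer, pool=POOL):
    """Pool addresses, other than the peer's own, that the route covers."""
    lo, hi = (int(ipaddress.ip_address(a)) for a in pool)
    peer = ipaddress.ip_address(str(peer))
    return [str(a) for a in route if lo <= int(a) <= hi and a != peer]

def report(label, route, peer):
    overlap = pool_overlap(route, peer)
    print(f"{label}: route {route}, peer {peer}, "
          f"{len(overlap)} other pool address(es) covered: {overlap}")

if __name__ == "__main__":
    # Inputs are the attribute values quoted in the thread.
    report("netmask /31", framed_route("10.0.0.190", "255.255.255.254"), "10.0.0.190")
    report("netmask /30", framed_route("10.0.0.188", "255.255.255.252"), "10.0.0.188")
    net, gw = parse_framed_route("10.0.0.0/29 10.0.0.1")
    report("Framed-Route", net, gw)
```

Any address the report lists is routed toward that one dialup peer, so it has to stay out of dynamic assignment for as long as the route is installed.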



