[nsp] Static-IP on AS5300 via RADIUS

Martin Cooper mjc at cooper.org.uk
Fri Feb 7 20:47:47 EST 2003 

Does anyone know if there's something I need to configure on
the Cisco NAS to make it use Cisco-AVPair attributes from the
RADIUS server to assign dial-in users static IP addresses ?

(I've tried 'radius-server host 131.111.xx.xx non-standard'.)

- I'm using the reference implementation of Livingston RADIUS.
- I've defined the Cisco-AVpair attributes in the dictionary:

#
# Vendor-Specific attributes use the SMI Network Management Private
# Enterprise Code from the "Assigned Numbers" RFC
#
VENDOR          Cisco           9

#
# Cisco Vendor-Specific Attributes
#
ATTRIBUTE       Cisco-AVPair                    1       string  Cisco
ATTRIBUTE       Account-Info                    250     string  Cisco
ATTRIBUTE       Service-Info                    251     string  Cisco
ATTRIBUTE       Command-Code                    252     string  Cisco

- I've got the following entry in the RADIUS users file:

static  Crypt-Password = "<removed>",
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 131.111.xx.xx,
        Framed-MTU = 1500,
        Cisco-AVPair = "ip:addr=131.111.xx.xx"

- I've got the following AAA/interface/pool config on the NAS:

aaa new-model
!
aaa authentication login dialin group radius
aaa authentication ppp default local group radius
aaa authorization exec NOAUTHO none
!
ip address-pool local
!
interface Serial3/0:15
 ip unnumbered Loopback0
 encapsulation ppp
 isdn switch-type primary-net5
 isdn incoming-voice modem
 peer default ip address pool magpie3 magpie2 magpie1
 ppp authentication pap
 ppp timeout idle 900
!
interface Group-Async0
 ip unnumbered Loopback0
 encapsulation ppp
 ip tcp header-compression
 autodetect encapsulation ppp
 async mode interactive
 peer default ip address pool magpie1 magpie2
 ppp authentication pap
 ppp chap refuse
 ppp timeout idle 900
 group-range 1/00 2/107
!
ip local pool magpie1 131.111.xx.65 131.111.xx.89
ip local pool magpie2 131.111.xx.100 131.111.xx.159
ip local pool magpie3 131.111.xx.160 131.111.xx.216
!
radius-server host 131.111.xx.xx auth-port 1647 acct-port 1646
radius-server retransmit 3
radius-server key 7 <removed>
radius-server authorization permit missing Service-Type
!
line 1/00 2/107
 session-timeout 15 
 exec-timeout 2 0
 authorization exec NOAUTHO
 login authentication dialin
 no modem callout
 modem Dialin
 modem autoconfigure type magpie-v92-v44
 transport preferred none
 autoselect ppp
 dispatch-timeout 100
!

Cheers,

Martin

More information about the cisco-nsp mailing list