[c-nsp] Radius & vrf attributes

M.Palis security at cytanet.com.cy
Wed Dec 8 00:52:40 EST 2004


Hi oli

We have MPLS/VPN customers and they want to have backup via ISDN/PSTN.
Therefore we will configure dial backup on the customer routers, and when
their FR/ADSL connection fails, the router will automatically dial to the ISP
and provide backup until FR/ADSL is recovered. In some cases we will need to
add static routes to the ISDN/PSTN account that will dial.

----- Original Message ----- 
From: "Oliver Boehmer (oboehmer)" <oboehmer at cisco.com>
To: "M.Palis" <security at cytanet.com.cy>; "Dennis Peng (dpeng)"
<dpeng at cisco.com>
Cc: <cisco-nsp at puck.nether.net>
Sent: Monday, December 06, 2004 9:52 AM
Subject: RE: [c-nsp] Radius & vrf attributes




> It is not working. It is very strange actually. Radius accepts the
> command and it starts normally, but the IP route is not shown in the vrf
> routing table of the router.

Is the next-hop 10.10.1.254 reachable in the vrf? Do you see any errors
installing the route ("debug aaa per-user" and "debug aaa
authorization")?
What are you trying to achieve? Point a static default route to the user
"dialing" in? This can also be achieved by adding 'Framed-Route =
"0.0.0.0 0.0.0.0" '; framed-route is vrf-aware, and if you omit the
next-hop, we'll automatically use the peer address.

oli


> ----- Original Message -----
> From: "Dennis Peng" <dpeng at cisco.com>
> To: "M.Palis" <security at cytanet.com.cy>
> Cc: <cisco-nsp at puck.nether.net>
> Sent: Friday, December 03, 2004 6:39 PM
> Subject: Re: [c-nsp] Radius & vrf attributes
>
>
>> M.Palis [security at cytanet.com.cy] wrote:
>>> Hello all..
>>>
>>>  I am trying to configure Radius to send ip route /vrf to the user
>>> as below.
>>>
>>> Cisco-AVpair = "ip:route = vrf test 0.0.0.0 0.0.0.0 10.10.1.254"
>>                           ^ ^
>>                           | |
>>                           +-+--- remove these spaces.
>>
>> And try again please.
>>
>> Dennis
>>
>>> Radius accepts the above, but when I do show ip route on the router,
>>> it seems that the route is not inserted in the routing table. Any
>>> help will be appreciated. Below is the radius config for the users
>>>
>>>
>>>
>>> test Auth-Type := MS-CHAP, Password == "!test"
>>>         Service-Type = Framed-User,
>>>         Framed-Protocol = PPP,
>>>         Cisco-AVPair = "lcp:interface-config=ip vrf forwarding test
>>> \n peer default ip address pool test \n ip unnumbered loopback3",
>>>
>>>     Cisco-AVpair = "ip:route = vrf test 0.0.0.0 0.0.0.0 10.10.1.254"
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
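
The spacing issue Dennis marks in the quoted `ip:route` AV pair can be caught before a users file is deployed. The following is an added example, not part of the thread and not Cisco or FreeRADIUS code; it assumes the usual `protocol:attribute=value` AV pair shape (with `*` as the optional-attribute separator), and `SAMPLE_USERS`, `check_avpair` and `lint_users` are hypothetical names.

```python
import re

# Constructed sample, modelled on the users entry quoted in this thread.
SAMPLE_USERS = r'''
test Auth-Type := MS-CHAP, Password == "!test"
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Cisco-AVPair = "lcp:interface-config=ip vrf forwarding test \n ip unnumbered loopback3",
        Cisco-AVpair = "ip:route = vrf test 0.0.0.0 0.0.0.0 10.10.1.254"
'''

# The attribute name is matched case-insensitively: the thread spells it both ways.
AVPAIR_LINE = re.compile(r'cisco-avpair\s*[:+]?=\s*"([^"]*)"', re.IGNORECASE)
# protocol:attribute, optional blanks, separator ('=' or '*'), optional blanks, value.
AVPAIR_BODY = re.compile(
    r'^(\s*)([A-Za-z0-9_-]+:[A-Za-z0-9_-]+)([ \t]*)([=*])([ \t]*)(.*)$', re.DOTALL)


def check_avpair(value):
    """Return (problem, suggestion) for one AV pair string; problem is None if clean."""
    m = AVPAIR_BODY.match(value)
    if m is None:
        return "not in protocol:attribute=value form", value
    lead, name, pre, sep, post, rest = m.groups()
    if lead or pre or post:
        # Spaces inside the value itself are kept; only the separator is tightened.
        return "whitespace around the separator", f"{name}{sep}{rest}"
    return None, value


def lint_users(text):
    """Return [(line_no, original, problem, suggestion)] for every flagged AV pair."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for m in AVPAIR_LINE.finditer(line):
            problem, fixed = check_avpair(m.group(1))
            if problem:
                findings.append((no, m.group(1), problem, fixed))
    return findings


if __name__ == "__main__":
    for no, orig, problem, fixed in lint_users(SAMPLE_USERS):
        print(f"line {no}: {problem}: {orig!r} -> {fixed!r}")
```

The check covers only the separator spacing; whether the route is then installed in the vrf still has to be confirmed on the router, for example with the debugs Oliver names.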


