[c-nsp] Radius & vrf attributes

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Wed Dec 8 01:39:58 EST 2004 

> We have MPLS/VPN customers and they want to have Backup via ISDN/PSTN.
> Therefore we will configure dialbackuop on the customer routers and
> when their FR/ADSL connection fail, the router will automatically dial
to
> the ISP and provide backup until FR/ADSL is recovered. In some cases
we will
> need to add static routes to the ISDN/PSTN account that will dial.

Ok, fair enough, this is a common deployment. 

Did the debugging show any problems installing the route? Did you try
the Framed-Route? It should work either way, so please add some more
info (exact profile, ppp+aaa debug) so we can troubleshoot from there. 

	oli

> ----- Original Message -----
> From: "Oliver Boehmer (oboehmer)" <oboehmer at cisco.com>
> To: "M.Palis" <security at cytanet.com.cy>; "Dennis Peng (dpeng)"
> <dpeng at cisco.com>
> Cc: <cisco-nsp at puck.nether.net>
> Sent: Monday, December 06, 2004 9:52 AM
> Subject: RE: [c-nsp] Radius & vrf attributes
> 
> 
> 
> 
>> It is not working.. It is very strange actually. Radius accepts the
>> command and it starts normally but IP route does not shown in the vrf
>> routing table of the router.
> 
> Is the next-hop 10.10.1.254 reachable in the vrf? Do you see any
> errors 
> installing the route ("debug aaa per-user" and "debug aaa
> authorization").
> What are you trying to achieve? Point a static default route to the
> user "dialing" in? This can also be achieved by adding 'Framed-Route =
> "0.0.0.0 0.0.0.0" ', framed-route is vrf-aware, and if you omit the
> next-hop, we'll automatically use the peer address..
> 
> oli
> 
> 
>> ----- Original Message -----
>> From: "Dennis Peng" <dpeng at cisco.com>
>> To: "M.Palis" <security at cytanet.com.cy>
>> Cc: <cisco-nsp at puck.nether.net>
>> Sent: Friday, December 03, 2004 6:39 PM
>> Subject: Re: [c-nsp] Radius & vrf attributes
>> 
>> 
>>> M.Palis [security at cytanet.com.cy] wrote:
>>>> Hello all..
>>>> 
>>>>  I am trying to configure Radius to send ip route /vrf to the user
>>>> as below. 
>>>> 
>>>> Cisco-AVpair = "ip:route = vrf test 0.0.0.0 0.0.0.0 10.10.1.254"
>>>                           ^ ^
>>>                           | |
>>>                           +-+--- remove these spaces.
>>> 
>>> And try again please.
>>> 
>>> Dennis
>>> 
>>>> Radius accept the above but when I do show ip route on the router,
>>>> it seems that the route is not inserted in the routing table. Any
>>>> help will be appreciated. Below is the radius config for the users
>>>> 
>>>> 
>>>> 
>>>> test Auth-Type := MS-CHAP, Password == "!test"
>>>>         Service-Type = Framed-User,
>>>>         Framed-Protocol = PPP,
>>>>         Cisco-AVPair = "lcp:interface-config=ip vrf forwarding test
>>>> \n peer default ip address pool test \n ip unnumbered loopback3",
>>>> 
>>>>     Cisco-AVpair = "ip:route = vrf test 0.0.0.0 0.0.0.0
>>>> 10.10.1.254" 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> _______________________________________________
>>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>> 
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list