[c-nsp] assigning Dialin IP adresses
Oliver Boehmer (oboehmer)
oboehmer at cisco.com
Thu Feb 10 04:22:55 EST 2005
Florian,
can you please include your aaa config?
oli
P.S: cisco-nas at puck.nether.net is a more appropriate mailing list for this type of equipment..
Florian Prester <> wrote on Thursday, February 10, 2005 10:15 AM:
> Hi,
>
> I am using an cisco 3725 as an Access-Server with IOS (tm) 3700
> Software (C3725-IPBASE-M), Version 12.3(10), RELEASE SOFTWARE (fc3).
> I have two scenarios:
>
> 1.) The users dial in and the authentication/authorization is handeled
> by a radius server. This Server is telling the accessserver which
> ip-address the user should get. -> works fine!
>
> 2.) If the Radius is down or the network unreachable, one dedicated
> user should be able to dialin at least to the accessserver, obtaining
> the ip address from the access server. DOES NOT WORK!?!
>
> Here is my config:
>
>
> controller E1 1/0
> pri-group timeslots 1-31
> !
> !
> interface Loopback0
> ip address 192.44.86.6 255.255.255.255
> !
> interface FastEthernet0/1
> ip address 192.44.86.36 255.255.255.224
> ip access-group 101 out
> ip mask-reply
> ip directed-broadcast 3
> no ip proxy-arp
> ip pim sparse-dense-mode
> ip multicast ttl-threshold 16
> no ip route-cache cef
> no ip route-cache
> ip cgmp
> no ip mroute-cache
> ip ospf cost 1
> duplex auto
> speed auto
> !
> interface Serial1/0:15
> ip unnumbered Loopback0
> ip pim sparse-mode
> encapsulation ppp
> dialer idle-timeout 6000
> dialer-group 1
> isdn switch-type primary-net5
> isdn incoming-voice modem
> isdn skip-async-callerid-check
> ## -----------> Does not this tell the router to obtain the ip address
> from the named pool if not given otherwise (e.g. RADIUS)
> peer default ip address pool setup-pool
> no keepalive
> no cdp enable
> ppp authentication pap
> ppp multilink
> !
> interface Virtual-Template1
> ip unnumbered Loopback0
> ## -----------> Does not this tell the router to obtain the ip address
> from the named pool if not given otherwise (e.g. RADIUS)
> peer default ip address pool setup_pool
> ppp authentication pap
> !
> interface Group-Async0
> ip unnumbered Loopback0
> encapsulation ppp
> ip tcp header-compression
> dialer in-band
> dialer idle-timeout 6000
> async mode interactive
> ## -----------> Does not this tell the router to obtain the ip address
> from the named pool if not given otherwise (e.g. RADIUS)
> peer default ip address pool setup_pool
> ppp authentication pap
> group-range 65 94
> !
> router ospf 1
> log-adjacency-changes
> redistribute connected subnets
> redistribute static subnets
> network 10.8.0.0 0.0.255.255 area 0.0.0.0
> network 192.44.86.32 0.0.0.31 area 0.0.0.0
> !
> ## ------> Isn´t this the pool the access server should take the ip
> address from if the radius is not responding??
> ip local pool setup-pool 172.16.21.1 172.16.21.30
>
> The authentication and authorization is working fine, I am just not
> able to convince the server to tell the dialin user which IP address
> he/she should take, if not by RADIUS!
>
> Thanks
> florian
>
> --
> --------------------------------------------------------------
> Dipl. Inf. Florian Prester
> Network Administration
> Regionales RechenZentrum Erlangen
> Universitaet Erlangen-Nuernberg
> Germany
>
> Tel.: +499131 8527813
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list