[c-nsp] assigning Dialin IP adresses

Josh Duffek consultantjd16 at ridemetro.org
Thu Feb 10 09:53:50 EST 2005


And these:

Config t
Service timestamp debug datetime msec
End
Debug ppp nego
Debug aaa authen
Debug aaa author
Debug ip peer
Debug radius (all?)
Debug vtemp
Debug vprofile

Thanks,

josh duffek    network engineer
consultantjd16 at ridemetro.org

> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> bounces at puck.nether.net] On Behalf Of Oliver Boehmer (oboehmer)
> Sent: Thursday, February 10, 2005 3:23 AM
> To: Florian Prester; cisco-nsp at puck.nether.net
> Subject: RE: [c-nsp] assigning Dialin IP adresses
> 
> Florian,
> 
> can you please include your aaa config?
> 
> 	oli
> 
> P.S: cisco-nas at puck.nether.net is a more appropriate mailing list for this
> type of equipment..
> 
> Florian Prester <> wrote on Thursday, February 10, 2005 10:15 AM:
> 
> > Hi,
> >
> > I am using an cisco 3725 as an Access-Server with IOS (tm) 3700
> > Software (C3725-IPBASE-M), Version 12.3(10), RELEASE SOFTWARE (fc3).
> > I have two scenarios:
> >
> > 1.) The users dial in and the authentication/authorization is handeled
> > by a radius server. This Server is telling the accessserver which
> > ip-address the user should get. -> works fine!
> >
> > 2.) If the Radius is down or the network unreachable, one dedicated
> > user should be able to dialin at least to the accessserver, obtaining
> > the ip address from the access server. DOES NOT WORK!?!
> >
> > Here is my config:
> >
> >
> > controller E1 1/0
> >  pri-group timeslots 1-31
> > !
> > !
> > interface Loopback0
> >  ip address 192.44.86.6 255.255.255.255
> > !
> > interface FastEthernet0/1
> >  ip address 192.44.86.36 255.255.255.224
> >  ip access-group 101 out
> >  ip mask-reply
> >  ip directed-broadcast 3
> >  no ip proxy-arp
> >  ip pim sparse-dense-mode
> >  ip multicast ttl-threshold 16
> >  no ip route-cache cef
> >  no ip route-cache
> >  ip cgmp
> >  no ip mroute-cache
> >  ip ospf cost 1
> >  duplex auto
> >  speed auto
> > !
> > interface Serial1/0:15
> >  ip unnumbered Loopback0
> >  ip pim sparse-mode
> >  encapsulation ppp
> >  dialer idle-timeout 6000
> >  dialer-group 1
> >  isdn switch-type primary-net5
> >  isdn incoming-voice modem
> >  isdn skip-async-callerid-check
> > ## -----------> Does not this tell the router to obtain the ip address
> > from the named pool if not given otherwise (e.g. RADIUS)
> >  peer default ip address pool setup-pool
> >  no keepalive
> >  no cdp enable
> >  ppp authentication pap
> >  ppp multilink
> > !
> > interface Virtual-Template1
> >  ip unnumbered Loopback0
> > ## -----------> Does not this tell the router to obtain the ip address
> > from the named pool if not given otherwise (e.g. RADIUS)
> >  peer default ip address pool setup_pool
> >  ppp authentication pap
> > !
> > interface Group-Async0
> >  ip unnumbered Loopback0
> >  encapsulation ppp
> >  ip tcp header-compression
> >  dialer in-band
> >  dialer idle-timeout 6000
> >  async mode interactive
> > ## -----------> Does not this tell the router to obtain the ip address
> > from the named pool if not given otherwise (e.g. RADIUS)
> >  peer default ip address pool setup_pool
> >  ppp authentication pap
> >  group-range 65 94
> > !
> > router ospf 1
> >  log-adjacency-changes
> >  redistribute connected subnets
> >  redistribute static subnets
> >  network 10.8.0.0 0.0.255.255 area 0.0.0.0
> >  network 192.44.86.32 0.0.0.31 area 0.0.0.0
> > !
> > ## ------> Isn´t this the pool the access server should take the ip
> > address from if the radius is not responding??
> > ip local pool setup-pool 172.16.21.1 172.16.21.30
> >
> > The authentication and authorization is working fine, I am just not
> > able to convince the server to tell the dialin user which IP address
> > he/she should take, if not by RADIUS!
> >
> > Thanks
> > florian
> >
> > --
> > --------------------------------------------------------------
> > Dipl. Inf. Florian Prester
> > Network Administration
> > Regionales RechenZentrum Erlangen
> > Universitaet Erlangen-Nuernberg
> > Germany
> >
> > Tel.: +499131 8527813
> >
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list