[c-nsp] Injecting Routes Remotely
Matthew Crocker
matthew at crocker.com
Sat Feb 26 15:19:00 EST 2005
>
> Go back and reread the thread, in the very first message the op tells
> us that the RAS supports no routing protocols.
>
If the RAS doesn't support any dynamic routing protocol then it can't
be done with a routing protocol (OSPF would have been ideal).

One way to do it is with NAT. Customer connects to RAS and gets an IP
assigned by the RAS, no routing protocols needed. RAS sends RADIUS
accounting packet out with customer ID and IP address allocated.
RADIUS server configures 1:1 NAT on router for customer's real IP
(static, roaming) and their current RAS-assigned IP.

www.freeradius.org can launch an external app to process 'interesting'
packets. The easiest way would be to put a Linux box inline with the
packet stream from the RAS to the router. If you didn't want the Linux
box to be inline for non-NATted traffic you could put it next to the
router and configure some source-based routing rules to forward
'interesting' traffic through the NAT box.
-Matt
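
An added example, not part of the original message: a sketch of the external program the RADIUS server could launch on each accounting packet to build the 1:1 NAT pair on a Linux NAT box. It assumes the exec hook exports attributes as environment variables named USER_NAME, ACCT_STATUS_TYPE and FRAMED_IP_ADDRESS; the customer table, the addresses, the function names and the `active` state map (which the caller must persist between runs) are constructed for illustration.

```python
import ipaddress

# Constructed table: RADIUS User-Name -> customer's real (static) IP.
STATIC_IPS = {"cust1001": "198.51.100.10"}

def _attr(env, name):
    # Assumption: the exec hook may wrap string values in double quotes.
    return env.get(name, "").strip().strip('"')

def _rules(op, static, ras_ip):
    # 1:1 NAT pair: inbound to the static IP, outbound from the RAS IP.
    return [
        ["iptables", "-t", "nat", op, "PREROUTING", "-d", static,
         "-j", "DNAT", "--to-destination", ras_ip],
        ["iptables", "-t", "nat", op, "POSTROUTING", "-s", ras_ip,
         "-j", "SNAT", "--to-source", static],
    ]

def nat_commands(env, active, static_ips=STATIC_IPS):
    """Return iptables argv lists for one accounting packet.

    `active` maps User-Name -> RAS IP currently NATted; updated in place.
    """
    user = _attr(env, "USER_NAME")
    status = _attr(env, "ACCT_STATUS_TYPE")
    static = static_ips.get(user)
    if static is None or status not in ("Start", "Stop"):
        return []  # unknown customer, Interim-Update, Accounting-On, ...
    # Always delete what was actually installed. This covers a normal Stop
    # and a Start that arrives after a lost Stop (stale mapping).
    old = active.pop(user, None)
    cmds = _rules("-D", static, old) if old else []
    if status == "Start":
        try:
            # The attribute comes off the wire: validate before it is
            # ever placed on an iptables command line.
            ras_ip = str(ipaddress.IPv4Address(_attr(env, "FRAMED_IP_ADDRESS")))
        except ipaddress.AddressValueError:
            return cmds
        cmds += _rules("-A", static, ras_ip)
        active[user] = ras_ip
    return cmds

if __name__ == "__main__":
    import os
    for argv in nat_commands(os.environ, {}):
        print(" ".join(argv))  # print only; run as argv lists, never via a shell
```

The static address still has to be routed to the NAT box for the DNAT rule to see any traffic.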