[c-nsp] Assigning tag to AAA per-user route

Michael Ulitskiy mulitskiy at acedsl.com
Tue Jul 21 00:29:47 EDT 2009


Hello,

I have a situation where I want to assign different route tags to per-user routes received from radius by L2TP LNS.
I know that I can use cisco VSA "ip:route=<network> <subnet> <gateway> tag XXX". 
The problem with it is that I have to supply next-hop ip in that VSA, which means that I also have to do per-user static 
ip assignment, i.e. my radius profile would look like this:

user Password=mypass
  Service-Type = Framed
  Framed-Protocol = PPP
  Framed-IP-Address = 192.168.15.5
  Cisco-Avpair = "ip:route 10.10.10.0 255.255.255.0 192.168.15.5 tag 10"

I'd really prefer to avoid per-user static ip assignment and let the peer ip be dynamically assigned by the LNS local pool.
Unfortunately, if I'm to specify a tag in that Cisco-Avpair then specifying the next-hop ip is required, otherwise the router gives me an
error saying "parser is unable to parse ip route" during aaa authorization.
Experimenting, I found out that if I specify the next-hop ip as 0.0.0.0 then it does what I need, i.e. it installs a per-user
static route pointing to the dynamically assigned peer ip and it applies the specified route tag to it. Tested with 12.4(19b).
Here's the radius profile that achieves what I need:

user Password=mypass
  Service-Type = Framed
  Framed-Protocol = PPP
  Cisco-Avpair = "ip:route 10.10.10.0 255.255.255.0 0.0.0.0 tag 10"

So I guess my question is whether it's a supported configuration and if anybody else is doing something like this? Or maybe there's a better
way to accomplish this and I'm doing something stupid? I don't want to deploy this and then get beaten when it stops working
with the next IOS upgrade because it was never supposed to work that way. So I thought I'd ask the community for advice.
Thanks in advance,

Michael
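
A lint pass over profiles like the two in the post, as an added example (not part of the original message and not Cisco tooling): it flags a tagged route with no next hop (the case the post says fails authorization), a next hop that differs from Framed-IP-Address, and the 0.0.0.0 next hop whose behaviour the post reports only from testing on 12.4(19b). The blank-line-separated users-file layout, the sample accounts and the name `lint_users` are assumptions; both the `ip:route=` and `ip:route ` spellings that appear in the post are accepted.

```python
import ipaddress
import re

# Constructed sample in the users-file layout shown in the post (not real accounts).
SAMPLE = '''\
alice Password=x
  Framed-IP-Address = 192.168.15.5
  Cisco-Avpair = "ip:route 10.10.10.0 255.255.255.0 192.168.15.5 tag 10"

bob Password=x
  Cisco-Avpair = "ip:route 10.10.20.0 255.255.255.0 0.0.0.0 tag 20"

carol Password=x
  Framed-IP-Address = 192.168.15.7
  Cisco-Avpair = "ip:route=10.10.30.1 255.255.255.0 192.168.15.9 tag 30"

dave Password=x
  Cisco-Avpair = "ip:route 10.10.40.0 255.255.255.0 tag 40"
'''

# network, mask, optional dotted-quad next hop, optional "tag N"
ROUTE = re.compile(r'ip:route[= ]\s*(\S+)\s+(\S+)'
                   r'(?:\s+(\d+\.\d+\.\d+\.\d+))?(?:\s+tag\s+(\d+))?\s*"')
FRAMED = re.compile(r'Framed-IP-Address\s*=\s*(\S+)')

def lint_users(text):
    """Return {user: [finding, ...]} for each blank-line-separated profile."""
    findings = {}
    for block in re.split(r'\n\s*\n', text.strip()):
        user = block.splitlines()[0].split()[0]
        out = findings.setdefault(user, [])
        m = FRAMED.search(block)
        framed = m.group(1) if m else None
        for net, mask, hop, tag in ROUTE.findall(block):
            try:
                # strict=True rejects a prefix with host bits set
                ipaddress.ip_network(f"{net}/{mask}", strict=True)
            except ValueError:
                out.append("prefix has host bits set or bad mask")
            if tag and not hop:
                out.append("tag without next hop")
            elif hop == "0.0.0.0":
                out.append("next hop 0.0.0.0: relies on observed behaviour")
            elif hop and hop != framed:
                out.append("next hop differs from Framed-IP-Address")
    return findings
```
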

