[j-nsp] Restricting RADIUS Routes for E120

Masood Ahmad Shah masood at nexlinx.net.pk
Mon Aug 25 04:22:41 EDT 2008 

Yea you can set the route preferences ( In Cisco world administrative
distance ). For this you need to find the route preference radius attribute
... here is the list of supported radius attributes...


http://www.juniper.net/techpubs/software/erx/erx50x/swconfig-broadband/html/
radius-attributes.html



-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Amr
Sent: Monday, August 25, 2008 11:21 AM
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] Restricting RADIUS Routes for E120

Dear All,
            I have a problem in my E120 Router , where i have configured the
RADIUS Server to send to the Users on the E120 thier IP Subnet so that the
IP subnets of the users will be "Access-internal" routes as below

E120#sh ip route 10.10.10.10
  Protocol/Route type codes:
  I1- ISIS level 1, I2- ISIS level2,
  I- route type intra, IA- route type inter, E- route type external,
  i- metric type internal, e- metric type external,
  P- periodic download, O- OSPF, E1- external type 1, E2- external type2,
  N1- NSSA external type1, N2- NSSA external type2
  L- MPLS label, V- VRF, *- via indirect next-hop
  Prefix/Length      Type       Next Hop      Dst/Met
Interface
------------------ --------- --------------- ----------
-----------------------
10.10.10.10/32   *AccIntern *0.0.0.0         2/0
GigabitEthernet3/0/0.505252.59


but by mistake someone configured the RADIUS to send the default route
(0.0.0.0.0/0) for a specific user which affects the performance of the E120
router and modifyed the current default route learned by OSPF

So the Question is
Is it possible to restrict the routes the comes from the RADIUS Server and
not accepting it all (e.g denying the default route from the radius) ?
or

Is it possible to modify the admin distance for the Access-internal routes
so that it will be higher that the dynamic default route configured on the
E120 router ?

Appreciate your help

Thanks In Advance

Regards
Amr
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list