[j-nsp] Restricting RADIUS Routes for E120

Amr amr.ccie at gmail.com
Mon Aug 25 04:17:53 EDT 2008 

Dear Masood ,
                Thanks , but can this change be made from the E120 Side ?

Regards
Amr



On Mon, Aug 25, 2008 at 11:22 AM, Masood Ahmad Shah
<masood at nexlinx.net.pk>wrote:

> Yea you can set the route preferences ( In Cisco world administrative
> distance ). For this you need to find the route preference radius attribute
> ... here is the list of supported radius attributes...
>
>
>
> http://www.juniper.net/techpubs/software/erx/erx50x/swconfig-broadband/html/
> radius-attributes.html
>
>
>
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Amr
> Sent: Monday, August 25, 2008 11:21 AM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] Restricting RADIUS Routes for E120
>
> Dear All,
>            I have a problem in my E120 Router , where i have configured the
> RADIUS Server to send to the Users on the E120 thier IP Subnet so that the
> IP subnets of the users will be "Access-internal" routes as below
>
> E120#sh ip route 10.10.10.10
>  Protocol/Route type codes:
>  I1- ISIS level 1, I2- ISIS level2,
>  I- route type intra, IA- route type inter, E- route type external,
>  i- metric type internal, e- metric type external,
>  P- periodic download, O- OSPF, E1- external type 1, E2- external type2,
>  N1- NSSA external type1, N2- NSSA external type2
>  L- MPLS label, V- VRF, *- via indirect next-hop
>  Prefix/Length      Type       Next Hop      Dst/Met
> Interface
> ------------------ --------- --------------- ----------
> -----------------------
> 10.10.10.10/32   *AccIntern *0.0.0.0         2/0
> GigabitEthernet3/0/0.505252.59
>
>
> but by mistake someone configured the RADIUS to send the default route
> (0.0.0.0.0/0) for a specific user which affects the performance of the E120
> router and modifyed the current default route learned by OSPF
>
> So the Question is
> Is it possible to restrict the routes the comes from the RADIUS Server and
> not accepting it all (e.g denying the default route from the radius) ?
> or
>
> Is it possible to modify the admin distance for the Access-internal routes
> so that it will be higher that the dynamic default route configured on the
> E120 router ?
>
> Appreciate your help
>
> Thanks In Advance
>
> Regards
> Amr
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>

More information about the juniper-nsp mailing list