[j-nsp] Radius - Static IP / ERX

Chris Hellberg chris at chrishellberg.com
Sat Aug 13 08:56:25 EDT 2011


It might be because you don't have an ERX-Local-Interface VSA present. If that doesn't work, double-check that it's in your profile. There're one or two unexpected cases that you need to have the unumbered loopback interface information explicitly configured. The framed netmask shouldn't be needed.


Regards,

Chris




>________________________________
>From: Paul Stewart <paul at paulstewart.org>
>To: juniper-nsp at puck.nether.net
>Sent: Friday, 12 August 2011, 1:35
>Subject: Re: [j-nsp] Radius - Static IP / ERX
>
>Thanks.. yeah the MTU statement is legacy and in place for some other Radius
>authentications....;)
>
>I thought our entries had the Framed-IP-Netmask in them so will have to
>check again as you're right it's not there obviously...  wouldn't think that
>would stop the IP from getting assigned but could be wrong...
>
>Take care,
>
>Paul
>
>
>-----Original Message-----
>From: juniper-nsp-bounces at puck.nether.net
>[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Chris Adams
>Sent: August-11-11 2:26 PM
>To: juniper-nsp at puck.nether.net
>Subject: Re: [j-nsp] Radius - Static IP / ERX
>
>Once upon a time, Paul Stewart <paul at paulstewart.org> said:
>> Getting ready to cut an ERX into production shortly and the only thing not
>> working is static IP assignments via Radius.  According to the docs, you
>can
>> use "Framed-IP-Address" the same as we do in Cisco land today.. but it
>> doesn't' work.
>
>Your example entry doesn't have a Framed-IP-Netmask set, which may be
>required.
>
>Also, Framed-MTU is pretty much useless; since PPP is already negotiated
>before RADIUS authentication occurs, link MTU is already established
>before your Framed-MTU entry can have any affect (this has always been
>the case with PPP+RADIUS, but lots of examples show Framed-MTU anyway).
>
>-- 
>Chris Adams <cmadams at hiwaay.net>
>Systems and Network Administrator - HiWAAY Internet Services
>I don't speak for anybody but myself - that's enough trouble.
>_______________________________________________
>juniper-nsp mailing list juniper-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>_______________________________________________
>juniper-nsp mailing list juniper-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
>


More information about the juniper-nsp mailing list