[j-nsp] Radius - Static IP / ERX
Paul Stewart
paul at paulstewart.org
Mon Aug 15 11:25:07 EDT 2011
Thanks very much.. I appreciate the input from the list.
The profile looks like this currently:
profile test
ip virtual-router default
ip unnumbered loopback 0
ip mtu 1492
ip sa-validate
ip tcp adjust-mss 1460
ppp authentication virtual-router default pap
ppp keepalive 120
ppp fragmentation
ppp reassembly
vlan auto-configure pppoe
Is there anything "obvious" wrong with this? I read in the docs somewhere
about an option to explicitly permit Radius to assign a subnet to a customer
- is there a similar statement required to statically assign a single host
address (bearing in mind that dynamic addresses are coming from a local
pool)
Would the ERX-Local-Interface be the Loopback0 interface in my case? It has
an IP address assigned to it that is reachable etc.
Thanks,
Paul
From: Chris Hellberg [mailto:chris at chrishellberg.com]
Sent: Saturday, August 13, 2011 8:56 AM
To: Paul Stewart; juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] Radius - Static IP / ERX
It might be because you don't have an ERX-Local-Interface VSA present. If
that doesn't work, double-check that it's in your profile. There're one or
two unexpected cases that you need to have the unumbered loopback interface
information explicitly configured. The framed netmask shouldn't be needed.
Regards,
Chris
_____
From: Paul Stewart <paul at paulstewart.org>
To: juniper-nsp at puck.nether.net
Sent: Friday, 12 August 2011, 1:35
Subject: Re: [j-nsp] Radius - Static IP / ERX
Thanks.. yeah the MTU statement is legacy and in place for some other Radius
authentications....;)
I thought our entries had the Framed-IP-Netmask in them so will have to
check again as you're right it's not there obviously... wouldn't think that
would stop the IP from getting assigned but could be wrong...
Take care,
Paul
-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Chris Adams
Sent: August-11-11 2:26 PM
To: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] Radius - Static IP / ERX
Once upon a time, Paul Stewart <paul at paulstewart.org> said:
> Getting ready to cut an ERX into production shortly and the only thing not
> working is static IP assignments via Radius. According to the docs, you
can
> use "Framed-IP-Address" the same as we do in Cisco land today.. but it
> doesn't' work.
Your example entry doesn't have a Framed-IP-Netmask set, which may be
required.
Also, Framed-MTU is pretty much useless; since PPP is already negotiated
before RADIUS authentication occurs, link MTU is already established
before your Framed-MTU entry can have any affect (this has always been
the case with PPP+RADIUS, but lots of examples show Framed-MTU anyway).
--
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list