[j-nsp] Radius - Static IP / ERX

Paul Stewart paul at paulstewart.org
Mon Aug 15 11:25:07 EDT 2011


Thanks very much.. I appreciate the input from the list.

The profile looks like this currently:

profile test
ip virtual-router default
ip unnumbered loopback 0
ip mtu 1492
ip sa-validate
ip tcp adjust-mss 1460
ppp authentication virtual-router default pap
ppp keepalive 120
ppp fragmentation
ppp reassembly
vlan auto-configure pppoe

Is there anything "obvious" wrong with this?  I read in the docs somewhere
about an option to explicitly permit Radius to assign a subnet to a customer
- is there a similar statement required to statically assign a single host
address (bearing in mind that dynamic addresses are coming from a local
pool)?

Would the ERX-Local-Interface be the Loopback0 interface in my case?  It has
an IP address assigned to it that is reachable etc.

Thanks,

Paul

From: Chris Hellberg [mailto:chris at chrishellberg.com] 
Sent: Saturday, August 13, 2011 8:56 AM
To: Paul Stewart; juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] Radius - Static IP / ERX

It might be because you don't have an ERX-Local-Interface VSA present. If
that doesn't work, double-check that it's in your profile. There're one or
two unexpected cases that you need to have the unnumbered loopback interface
information explicitly configured. The framed netmask shouldn't be needed.

Regards,

Chris

  _____  


From: Paul Stewart <paul at paulstewart.org>
To: juniper-nsp at puck.nether.net
Sent: Friday, 12 August 2011, 1:35
Subject: Re: [j-nsp] Radius - Static IP / ERX

Thanks.. yeah the MTU statement is legacy and in place for some other Radius
authentications....;)

I thought our entries had the Framed-IP-Netmask in them so will have to
check again as you're right it's not there obviously...  wouldn't think that
would stop the IP from getting assigned but could be wrong...

Take care,

Paul


-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Chris Adams
Sent: August-11-11 2:26 PM
To: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] Radius - Static IP / ERX

Once upon a time, Paul Stewart <paul at paulstewart.org> said:
> Getting ready to cut an ERX into production shortly and the only thing not
> working is static IP assignments via Radius.  According to the docs, you can
> use "Framed-IP-Address" the same as we do in Cisco land today.. but it
> doesn't work.

Your example entry doesn't have a Framed-IP-Netmask set, which may be
required.

Also, Framed-MTU is pretty much useless; since PPP is already negotiated
before RADIUS authentication occurs, link MTU is already established
before your Framed-MTU entry can have any effect (this has always been
the case with PPP+RADIUS, but lots of examples show Framed-MTU anyway).

-- 
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
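
An added example, not part of the original thread: when a static address is not applied, it helps to confirm what the RADIUS server actually returns. This Python sketch decodes the attributes of a raw Access-Accept (RFC 2865 layout) and reports the ones discussed above. The sample packet and the address 192.0.2.10 are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress
import struct

# Standard RADIUS attribute types (RFC 2865) mentioned in the thread.
FRAMED_IP_ADDRESS, FRAMED_IP_NETMASK, FRAMED_MTU, VENDOR_SPECIFIC = 8, 9, 12, 26

def parse_attributes(packet: bytes) -> list[tuple[int, bytes]]:
    """Return (type, value) pairs from a raw RADIUS packet, validating lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("header length field does not match packet size")
    attrs, pos = [], 20  # attributes start after code, id, length, authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError(f"bad length for attribute {atype}")
        attrs.append((atype, packet[pos + 2:pos + alen]))
        pos += alen
    return attrs

def summarize(packet: bytes) -> dict:
    """Report which of the thread's attributes the reply carries."""
    out = {"framed_ip": None, "framed_netmask": None,
           "framed_mtu": None, "vsa_vendor_ids": []}
    for atype, value in parse_attributes(packet):
        if atype == FRAMED_IP_ADDRESS and len(value) == 4:
            out["framed_ip"] = str(ipaddress.IPv4Address(value))
        elif atype == FRAMED_IP_NETMASK and len(value) == 4:
            out["framed_netmask"] = str(ipaddress.IPv4Address(value))
        elif atype == FRAMED_MTU and len(value) == 4:
            out["framed_mtu"] = int.from_bytes(value, "big")
        elif atype == VENDOR_SPECIFIC and len(value) >= 4:
            # First four bytes of a VSA are the vendor's enterprise number.
            out["vsa_vendor_ids"].append(int.from_bytes(value[:4], "big"))
    return out

def build_sample() -> bytes:
    """Constructed Access-Accept (code 2) with Framed-IP-Address and Framed-MTU,
    but no netmask and no VSA. The authenticator is zeroed and not verified."""
    attrs = bytes([8, 6]) + ipaddress.IPv4Address("192.0.2.10").packed
    attrs += bytes([12, 6]) + (1492).to_bytes(4, "big")
    return struct.pack("!BBH", 2, 1, 20 + len(attrs)) + bytes(16) + attrs
```

An empty `vsa_vendor_ids` list in the summary means the reply carries no vendor-specific attributes at all.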
