[rbak-nsp] clips - next step, IP address assignment by Radius
Ron Ripley
ripleydotnet at gmail.com
Wed Oct 15 13:23:22 EDT 2008
Marcin,
This should work with RADIUS using the framed-IP-address VSA and the
DHCP_Max_Leases.
example RADIUS record:
00:16:xx:xx:xx:68 Password=="Redback"
Service-Type = Outbound-User,
Framed-IP-Address = 192.168.2.254,
Framed-IP-Netmask = 255.255.255.0,
DHCP_Max_Leases = 1
The IP address listed in the Framed-IP-Address must be part of the
DHCP subnet, but outside the range. Make sure you remove the MAC to IP
mappings in your DHCP server config as I am quite sure those will
override the RADIUS VSA.
context BRAS
!
interface dhcp01 multibind
ip address 192.168.2.1/24
dhcp server interface
!
dhcp server policy
option domain-name-server 11.11.11.11 12.12.12.12
subnet 192.168.2.0/24
range 192.168.2.2 192.168.2.50
option router 192.168.2.1
00:16:xx:xx:xx:68
Circuit 1/12 vlan-id 100 clips 131219
Internal Circuit 1/12:1023:63/7/2/147
Interface bound dhcp01
Current port-limit unlimited
dhcp max-addrs 1 (applied)
ip address 192.168.2.254 255.255.255.0 (applied)
dhcp option client id (applied)
dhcp option hostname (applied)
IP host entries installed by DHCP: (max_addr 1 cur_entries 1)
192.168.2.254 00:16:xx:xx:xx:68
You can also add all the necessary QoS attributes to that RADIUS
record as well.
Hope this helps,
Cheers
On 15-Oct-08, at 3:37 AM, Marcin Kuczera wrote:
> hello,
>
> Finally I've my dynamic Clips running.
> At the moment my config is like that:
>
> context r0
> !
> no ip domain-lookup
> !
> interface clips multibind
> ip address 194.169.126.1/24
> dhcp server interface
> !
> aaa authentication administrator local
> aaa authentication administrator maximum sessions 1
> !
> !
> subscriber default
> ip source-validation
> dhcp max-addrs 1
> dns primary 195.66.73.4
> dns secondary 195.66.73.11
> !
> subscriber name 00:0c:42:24:93:26
> password Redback
> dhcp max-addrs 10
> subscriber name 00:1c:25:72:bb:25
> password Redback
> qos policy policing 1024-upload
> qos policy metering 1024-download
> service ssh client
> service telnet client
> !
> dhcp server policy
> default-lease-time 900
> maximum-lease-time 900
> subnet 194.169.126.0/24
> range 194.169.126.50 194.169.126.100
> mac-address 00:0c:42:24:93:26 ip-address 194.169.126.33
>
> #########
>
> [r0]RedBack-test#show subscribers active
> 00:0c:42:24:93:26
> Circuit 2/4 vlan-id 802 clips 131258
> Internal Circuit 2/4:1023:63/7/2/186
> Interface bound clips
> Current port-limit unlimited
> dhcp max-addrs 1 (applied)
> dns primary 195.66.73.4 (applied from sub_default)
> dns secondary 195.66.73.11 (applied from sub_default)
> ip source-validation 1 (applied from sub_default)
> dhcp option client id 0x3d0701000c42249326 (applied)
> dhcp option hostname 0x0c084d696b726f54696b (applied)
> IP host entries installed by DHCP: (max_addr 1 cur_entries 1)
> 194.169.126.33 00:0c:42:24:93:26
> [r0]RedBack-test#
>
> ok - but - I want to have all subscriber's definition in Radius, so
> also I want Radius to inform DHCP server about IP address to be
> assigned to particular subscriber.
> (we use static IP assignment).
>
> If I put "ip address 194.169.126.33" under subscriber definition -
> the clips doesn't come up. Seems that DHCP doesn't understand
> information from aaa, that said to use particular IP for this
> subscriber.
>
> Is there such possibility at all ?
> If yes, how to make it working ? Any "option" in DHCP server
> configuration ?
>
> Regards,
> Marcin
>
> _______________________________________________
> redback-nsp mailing list
> redback-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/redback-nsp
--
Ron Ripley
ripleydotnet at gmail.com
More information about the redback-nsp
mailing list