[rbak-nsp] Subnet mask and default gateway for CLIPS from

Ron Ripley ripleydotnet at gmail.com
Fri Jun 19 08:56:16 EDT 2009 

I see,  there is a DHCP proxy/relay between the subscriber and  
smartedge.

This is similar to what I have done in the past and used the dhcp  
server policy to create a different next hop for clients.  in this  
case, i use an interface to assign to the vlan so I could reach the  
proxy server (192.168.24.5) and route the subnet to it.  The multibind  
interface is part of the subnet and acts as si-addr, the clients are  
given the IP of the proxy as the nearest router...  but this is going  
to make you create multiple smaller IP address ranges instead of your / 
18.



context Region1
!
  no ip domain-lookup
!
  interface Region1-clips multibind
   ip address 206.107.158.7/25
   dhcp server interface
!
  interface loop0 loopback
   description Source for RADIUS Authentication
   ip address 198.172.156.17/32
    ip source-address radius
!
  interface toLocal
   ip address 10.0.1.6/30
!
  interface vlan101
   ip address 192.168.24.1/24
    ip source-address dhcp-server
  no logging console
!
  aaa authentication subscriber radius
!
  radius server 216.152.192.13 key xxxx oldports
  radius server 216.152.192.21 key xxxx oldports
  radius attribute nas-ip-address interface loop0
  radius algorithm round-robin
!
  subscriber default
    qos policy policing silver_in
    qos policy metering silver_out
    dhcp max-addrs 1
    dns primary 205.146.98.2
    dns secondary 206.107.152.2
!
  ip route 0.0.0.0/0 10.0.1.5
  ip route 206.107.158.0/25 192.168.24.5
!
  dhcp server policy
    subnet 206.107.158.0/25
      range 206.107.158.25 206.107.158.126
      option router 206.107.158.1
      default-lease-time 900
      maximum-lease-time 1200
!
port ethernet 1/2
  description 100mb Ethernet
  no shutdown
  encapsulation dot1q
  bind interface etherwan-mgt local
  dot1q pvc 101
   service clips dhcp context Region1
   bind interface vlan101 Region1


On 19-Jun-09, at 6:21 AM, Илья Савин wrote:

>
> Nearest to redback switch, witch acts as DHCP-Relay, also acts as  
> router for subscribers. Traffic between all clients routed by this  
> routing switch, and internet traffic goes to RedBack. Each /24  
> subnet is in own VLAN, routing switch has IP in each VLAN, this IP  
> is the default gateway for clients in this VLAN.
>
> I don’t want to steer all traffic to one client :)
> I’m used Framed-Route = "0.0.0.0 188.116.130.253 1" trying set  
> default gateway to 188.116.130.253. I don’t find any other radius  
> attributes to set default gateway.
>
>
> >Just out of interest, why would you want to do this?
> >
> >Do you mean:
> >
> >A. Enable the client to have internet access through your redback  
> (via
> >your network) -> then this framed route is not required, this is the
> >default IPCP behaviour.
> >
> >or
> >
> >B. Steer ALL traffic from your network through this one subscriber
> >in which case you would need:
> >
> >  Framed-IP-Address = 188.116.130.99
> >
> >  Framed-IP-Netmask = 255.255.255.0
> >
> >  Framed-Route = "0.0.0.0 0.0.0.0 188.116.130.99 1"
> >
> >Dave.
>
> _______________________________________________
> redback-nsp mailing list
> redback-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/redback-nsp



--
Ron Ripley
ripleydotnet at gmail.com




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/redback-nsp/attachments/20090619/e531de0d/attachment.html>

More information about the redback-nsp mailing list