[rbak-nsp] internal dhcp and global radius authentication (with dynamic clips)
misha at iim.pl
Wed Aug 11 15:14:48 EDT 2010
I'm a beginner user of Redback routers. For about 2 weeks I have been trying to create
a simple configuration, but I still have problems.
I want to create a BRAS context with an internal DHCP server and GLOBAL RADIUS
authentication (RADIUS client in context local).
In the global section:
aaa global authentication radius context local
in the context BRAS:
aaa authentication subscriber radius global
dhcp policy...
in context local:
radius server 192.168... key flksjdkfjsdkf
All the configuration is below... this configuration doesn't work, dynamic
clips are not created
BUT:
1. communication with radius works fine (in the radius logs I see ACCEPTED);
2. When I turn off authentication in context BRAS (aaa authentication
subscriber none) - it works - so DHCP is working
3. When I move the radius to the context BRAS (without global
authentication) - works! - so radius is working
MK
Current configuration:
!
! Configuration last changed by user 'misha' at Mon Aug 9 10:52:45 2010
!
!
!
!
!
aaa global authentication subscriber radius context local
!
!
service multiple-contexts
!
!
!
!
!
!
!
!
!
context local
!
ip domain-lookup
!
interface mgmt
ip address 192.168.2.9/24
logging console
!
aaa authentication administrator local
!
administrator leon encrypted 1 $1$........$5oNrzEf/HtcRZcaSZEVQa0
privilege start 15
privilege max 15
administrator misha encrypted 1 $1$........$t8SQPi4ZT/TyNvolUGhOv1
privilege start 10
privilege max 15
!
radius server 192.168.2.8 encrypted-key 64DAB7650584FA7D452BD158B882C838
!
ip route 0.0.0.0/0 192.168.2.254
service ssh server
!
!
context BRAS
!
description routing_context
!
no ip domain-lookup
!
interface LAN multibind
description BRAS LAN GW
ip address 83.142.199.193/26
dhcp server interface
ip arp proxy-arp
!
interface WAN
ip address 83.142.192.100/29
no logging console
!
aaa authentication administrator local
aaa authentication administrator maximum sessions 1
aaa authentication subscriber radius global
!
!
subscriber default
dhcp max-addrs 1
!
subscriber name 00:1F:F3:5B:67:40
!
ip route 0.0.0.0/0 83.142.192.102
no service ssh server
!
dhcp server policy
nak-on-subnet-deletion
option domain-name mi.pl
offer-lease-time 300
default-lease-time 900
maximum-lease-time 900
subnet 83.142.199.192/26
range 83.142.199.210 83.142.199.250
option domain-name-server 83.142.192.2
!
! ** End Context **
logging tdm console
logging active
logging standby short
!
!
!
!Ethernet connectivity fault management configuration
!
!
!
port ethernet 1/1
! XCRP management port on slot 1
no shutdown
bind interface mgmt local
!
card carrier 2
!
port ethernet 2/1
no shutdown
medium-type copper
encapsulation dot1q
dot1q pvc 2000 encapsulation multi
bind interface WAN BRAS
!
port ethernet 2/2
no shutdown
medium-type copper
encapsulation dot1q
dot1q pvc 15 encapsulation multi
service clips dhcp context BRAS
!
ssh server full-drop 10
!
ssh server rate-drop 50
!
ssh server start-drop 5
!
system hostname RedBack
!
no service console-break
!
service crash-dump-dram
!
no service auto-system-recovery
!
end
[local]RedBack#