[rbak-nsp] CLIPS session in context depending on RADIUS

Stefano Rapari s.rapari at gmail.com
Tue Dec 21 16:40:31 EST 2010


HI Arjan, 

that's all you need. Just to give you an idea, try with binding to another context ( not really used, but just for the concept ), maybe this may help. For you this is the configuration I would use ( it may need some adjustment to your IP addresses and others ):

Port Config:

port ethernet 2/3
description NH-CES-ETH1-7
no shutdown
encapsulation dot1q
dot1q pvc 2001 
 service clips dhcp source-mac context AUTHENTICATION

Global config:

aaa global authentication subscriber radius context local


Context authentication config:

context AUTHENTICATION 
aaa authentication subscriber global
( no interfaces, no other config is needed ) 

Context local config:

context local
!
radius server <bla> encrypted-key <bla>

Context testvpn config:

context testvpn
!
subscriber default
dhcp max-addrs 1
!
interface kpn-wba-dhcp multibind
ip address 94.247.1.1/24
ip address 94.247.2.1/24 secondary
dhcp server interface
!
dhcp server policy
default-lease-time 1800
maximum-lease-time 3600
subnet 94.247.1.0/24
range 94.247.1.2 94.247.1.254
option router 94.247.1.1
option domain-name-server 8.8.8.8 4.4.4.4
subnet 94.247.2.0/24
range 94.247.2.2 94.247.2.254
option router 94.247.2.1
option domain-name-server 8.8.8.8 4.4.4.4

Radius packet:

DEFAULT Auth-Type := Accept, Agent-Remote-Id == "PILOT"
Service-Type = Outbound-User,
Framed-IP-Address = 94.247.2.2,
Framed-IP-Netmask = 255.255.255.0,
Framed-Route = "94.247.3.0/24",
DHCP_Max_Leases = 1,
Contex-name = "testvpn"

Thanks
Stefano
On Dec 21, 2010, at 8:51 PM, Arjan Van Der Oest wrote:

> But all I'm able to configure global is a pointer to the local concept. There is no AAA server configured in global config...
> 
> -- 
> Met vriendelijke groet,
> 
> Arjan van der Oest
> Senior Network & Systems Engineer / Security Officer
> 
> Voiceworks BV - Editiestraat 29 - 1321 NG Almere
> Mobile : (+31) (0)36 7600 197
> Voiceworks winnaar Gouden FD Gazelle Award 2010 http://bit.ly/eksf8V

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/redback-nsp/attachments/20101221/136657ad/attachment-0001.html>


More information about the redback-nsp mailing list