[rbak-nsp] CLIPS session in context depending on RADIUS
Stefano Rapari
s.rapari at gmail.com
Tue Dec 21 16:40:31 EST 2010
HI Arjan,
that's all you need. Just to give you an idea, try with binding to another context ( not really used, but just for the concept ), maybe this may help. For you this is the configuration I would use ( it may need some adjustment to your IP addresses and others ):
Port Config:
port ethernet 2/3
description NH-CES-ETH1-7
no shutdown
encapsulation dot1q
dot1q pvc 2001
service clips dhcp source-mac context AUTHENTICATION
Global config:
aaa global authentication subscriber radius context local
Context authentication config:
context AUTHENTICATION
aaa authentication subscriber global
( no interfaces, no other config is needed )
Context local config:
context local
!
radius server <bla> encrypted-key <bla>
Context testvpn config:
context testvpn
!
subscriber default
dhcp max-addrs 1
!
interface kpn-wba-dhcp multibind
ip address 94.247.1.1/24
ip address 94.247.2.1/24 secondary
dhcp server interface
!
dhcp server policy
default-lease-time 1800
maximum-lease-time 3600
subnet 94.247.1.0/24
range 94.247.1.2 94.247.1.254
option router 94.247.1.1
option domain-name-server 8.8.8.8 4.4.4.4
subnet 94.247.2.0/24
range 94.247.2.2 94.247.2.254
option router 94.247.2.1
option domain-name-server 8.8.8.8 4.4.4.4
Radius packet:
DEFAULT Auth-Type := Accept, Agent-Remote-Id == "PILOT"
Service-Type = Outbound-User,
Framed-IP-Address = 94.247.2.2,
Framed-IP-Netmask = 255.255.255.0,
Framed-Route = "94.247.3.0/24",
DHCP_Max_Leases = 1,
Contex-name = "testvpn"
Thanks
Stefano
On Dec 21, 2010, at 8:51 PM, Arjan Van Der Oest wrote:
> But all I'm able to configure global is a pointer to the local concept. There is no AAA server configured in global config...
>
> --
> Met vriendelijke groet,
>
> Arjan van der Oest
> Senior Network & Systems Engineer / Security Officer
>
> Voiceworks BV - Editiestraat 29 - 1321 NG Almere
> Mobile : (+31) (0)36 7600 197
> Voiceworks winnaar Gouden FD Gazelle Award 2010 http://bit.ly/eksf8V
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/redback-nsp/attachments/20101221/136657ad/attachment-0001.html>
More information about the redback-nsp
mailing list