Cisco 4700/2600 running as PPPoE Terminator

Discussion in 'Cisco' started by Francisco Rivas, Jul 21, 2003.

  1. Hi all,

    I've got a couple of 4700 and 2600 Cisco routers, and I'm testing them to
    terminate PPPoE sessions from DSL customers.
    Right now, I've got them running well, and the pppoe sessions are being
    established without any problems.
    The only thing that I can't do, is to assign static ip address to certain
    customers, based on their username/passwords and Radius attributes.
    The configuration that I'm using with the 2600 router is attached at the
    end of this post.
    As you can see, I'm using a pool address to assign IP's to the customers
    (pool1, 192.168.22.2/192.168.22.10). If I dial using pppoe clients, I can
    connect without any problem, and the router gives IP's from these pool to
    the customers.

    Now, I want that the customer "frivas" have a static address from these
    pool (for example, 192.168.22.5). On the radius profile of these user,
    I've added this config:

    DEFAULT User-Name=frivas,Password = "12345", Client-Id = DEFAULT
    Service-Type = Framed-User,
    Framed-Protocol = PPP,
    Framed-Address = 192.168.22.5

    (I've tried with Framed-IP-Address too)

    And it doesn't work. The router always assign whatever IP address is
    available on the pool, and looking at the output of the radius debug (in
    the router, using "debug radius" and "debug ppp" commands), I can see that
    the radius gives the attribute back to the router (I put a copy of the
    logs at the end of the post)

    So, the question is, what I'm doing wrong?? What I need to assign static
    IP address to certain customers using radius?? how can I do this?

    Thanks in advance for your help!! :)


    Francisco Rivas C.



    2600#show running-config
    Building configuration...

    Current configuration : 2166 bytes
    !
    version 12.2
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname 2600
    !
    boot system flash c2600-is-mz.122-4.T.bin
    aaa new-model
    !
    !
    aaa authentication login default enable
    aaa authentication ppp DSL group radius
    aaa nas port extended
    aaa session-id common
    enable secret 5 XXXXXXXX
    enable password XXXXXXXX
    !
    !
    !
    ip subnet-zero
    ip cef
    !
    !
    ip domain-name test.com
    ip name-server 1.2.3.4
    ip name-server 1.2.3.5
    !
    vpdn enable
    !
    vpdn-group test
    accept-dialin
    protocol pppoe
    virtual-template 1
    local name 2600Router
    !
    !
    !
    !
    interface Loopback0
    description Loopback
    ip address 192.168.20.1 255.255.255.255
    !
    interface FastEthernet0/0
    no ip address
    speed 100
    full-duplex
    pppoe enable
    no cdp enable
    !
    interface FastEthernet0/0.1
    description management-internet-access
    encapsulation dot1Q 1
    ip address 10.10.10.2 255.255.255.192
    no cdp enable
    !
    interface FastEthernet0/0.2
    description DSL customers
    encapsulation dot1Q 2
    ip address 192.168.22.1 255.255.255.0
    pppoe enable
    no cdp enable
    !
    interface FastEthernet0/0.3
    description PC-Test
    encapsulation dot1Q 3
    ip address 192.168.21.1 255.255.255.0
    no cdp enable
    !
    !
    interface FastEthernet0/1
    no ip address
    shutdown
    duplex auto
    speed auto
    no cdp enable
    !
    interface Virtual-Template1
    mtu 546
    ip unnumbered FastEthernet0/0.2
    peer default ip address pool pool1
    ppp authentication pap callin DSL
    !
    ip local pool pool1 192.168.22.2 192.168.22.10
    ip classless
    ip route 0.0.0.0 0.0.0.0 10.10.10.1
    no ip http server
    ip pim bidir-enable
    !
    no cdp run
    !
    !
    radius-server host 10.10.10.1 auth-port 1645 acct-port 1646 key mysecret
    radius-server retransmit 3
    radius-server attribute 8 include-in-access-req
    radius-server key mysecret
    radius-server authorization permit missing Service-Type
    radius-server vsa send accounting
    radius-server vsa send authentication
    call rsvp-sync
    !
    !
    mgcp profile default
    !
    dial-peer cor custom
    !
    !
    !
    !
    line con 0
    password xxxxxxx
    line aux 0
    line vty 0 4
    password xxxxxxx
    transport input telnet
    !
    no scheduler allocate
    !
    end

    2600#



    2600#
    00:28:09: Vi1 PPP: Phase is DOWN, Setup
    00:28:09: Vi1 PPP: Treating connection as a dedicated line
    00:28:09: Vi1 PPP: Phase is ESTABLISHING, Active Open
    00:28:09: Vi1 LCP: O CONFREQ [Closed] id 1 len 18
    00:28:09: Vi1 LCP: MRU 546 (0x01040222)
    00:28:09: Vi1 LCP: AuthProto PAP (0x0304C023)
    00:28:09: Vi1 LCP: MagicNumber 0x04671FFC (0x050604671FFC)
    00:28:09: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
    00:28:09: Vi1 PPP: Treating connection as a dedicated line
    00:28:09: Vi1 LCP: I CONFREQ [REQsent] id 1 len 10
    00:28:09: Vi1 LCP: MagicNumber 0xD07B0600 (0x0506D07B0600)
    00:28:09: Vi1 LCP: O CONFACK [REQsent] id 1 len 10
    00:28:09: Vi1 LCP: MagicNumber 0xD07B0600 (0x0506D07B0600)
    00:28:09: Vi1 LCP: I CONFACK [ACKsent] id 1 len 18
    00:28:09: Vi1 LCP: MRU 546 (0x01040222)
    00:28:09: Vi1 LCP: AuthProto PAP (0x0304C023)
    00:28:09: Vi1 LCP: MagicNumber 0x04671FFC (0x050604671FFC)
    00:28:09: Vi1 LCP: State is Open
    00:28:09: Vi1 PPP: Phase is AUTHENTICATING, by this end
    00:28:09: Vi1 PAP: I AUTH-REQ id 1 len 18 from "frivas"
    00:28:09: Vi1 PAP: Authenticating peer frivas
    00:28:09: Vi1 PPP: Phase is FORWARDING, Attempting Forward
    00:28:09: Vi1 PPP: Phase is AUTHENTICATING, Unauthenticated User
    00:28:09: RADIUS/ENCODE(00000008): acct_session_id: 9
    00:28:09: RADIUS(00000008): sending
    00:28:09: RADIUS: Send to unknown id 4 10.10.10.1:1645, Access-Request, len 103
    00:28:09: RADIUS: authenticator EB EA 12 80 6B E8 DE 5F - 82 FB A2 23 C4 84 15 22
    00:28:09: RADIUS: User-Name [1] 8 "frivas"
    00:28:09: RADIUS: User-Password [2] 18 *
    00:28:09: RADIUS: NAS-Port [5] 6 1
    00:28:09: RADIUS: Vendor, Cisco [26] 33
    00:28:09: RADIUS: Cisco AVpair [1] 27 "interface=Virtual-Access1"
    00:28:09: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
    00:28:09: RADIUS: Service-Type [6] 6 Framed [2]
    00:28:09: RADIUS: NAS-IP-Address [4] 6 10.10.10.2
    00:28:09: RADIUS: Received from id 4 10.10.10.1:1645, Access-Accept, len 38
    00:28:09: RADIUS: authenticator 54 F3 E6 D4 D0 46 90 1D - 06 B7 4B 8E 4A 11 24 D1
    00:28:09: RADIUS: Framed-IP-Address [8] 6 192.168.22.5
    00:28:09: RADIUS: Service-Type [6] 6 Framed [2]
    00:28:09: RADIUS: Framed-Protocol [7] 6 PPP [1]
    00:28:09: RADIUS: Received from id 8
    00:28:09: Vi1 PPP: Phase is FORWARDING, Attempting Forward
    00:28:09: Vi1 PPP: Phase is AUTHENTICATING, Authenticated User
    00:28:09: Vi1 PAP: O AUTH-ACK id 1 len 5
    00:28:09: Vi1 PPP: Phase is UP
    00:28:09: Vi1 IPCP: O CONFREQ [Closed] id 1 len 10
    00:28:09: Vi1 IPCP: Address 192.168.22.1 (0x0306C0A81601)
    00:28:09: Vi1 IPCP: I CONFREQ [REQsent] id 1 len 34
    00:28:09: Vi1 IPCP: Address 0.0.0.0 (0x030600000000)
    00:28:09: Vi1 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000)
    00:28:09: Vi1 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000)
    00:28:09: Vi1 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000)
    00:28:09: Vi1 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000)
    00:28:09: Vi1 IPCP: Pool returned 192.168.22.2
    00:28:09: Vi1 IPCP: O CONFREJ [REQsent] id 1 len 16
    00:28:09: Vi1 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000)
    00:28:09: Vi1 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000)
    00:28:09: Vi1 IPCP: I CONFACK [REQsent] id 1 len 10
    00:28:09: Vi1 IPCP: Address 192.168.22.1 (0x0306C0A81601)
    00:28:09: Vi1 IPCP: I CONFREQ [ACKrcvd] id 2 len 22
    00:28:09: Vi1 IPCP: Address 0.0.0.0 (0x030600000000)
    00:28:09: Vi1 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000)
    00:28:09: Vi1 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000)
    00:28:09: Vi1 IPCP: O CONFNAK [ACKrcvd] id 2 len 22
    00:28:09: Vi1 IPCP: Address 192.168.22.2 (0x0306C0A81602)
    00:28:09: Vi1 IPCP: PrimaryDNS 1.2.3.4 (0x8106D8F10085)
    00:28:09: Vi1 IPCP: SecondaryDNS 1.2.3.5 (0x8306D8F10097)
    00:28:09: Vi1 IPCP: I CONFREQ [ACKrcvd] id 3 len 22
    00:28:09: Vi1 IPCP: Address 192.168.22.2 (0x0306C0A81602)
    00:28:09: Vi1 IPCP: PrimaryDNS 1.2.3.4 (0x8106D8F10085)
    00:28:09: Vi1 IPCP: SecondaryDNS 1.2.3.5 (0x8306D8F10097)
    00:28:09: Vi1 IPCP: O CONFACK [ACKrcvd] id 3 len 22
    00:28:09: Vi1 IPCP: Address 192.168.22.2 (0x0306C0A81602)
    00:28:09: Vi1 IPCP: PrimaryDNS 1.2.3.4 (0x8106D8F10085)
    00:28:09: Vi1 IPCP: SecondaryDNS 1.2.3.5 (0x8306D8F10097)
    00:28:09: Vi1 IPCP: State is Open
    00:28:09: Vi1 IPCP: Install route to 192.168.22.2
    00:28:09: Vi1 IPCP: Add link info for cef entry 192.168.22.2
    00:28:10: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up
     
    Francisco Rivas, Jul 21, 2003
    #1
    1. Advertisements

  2. does anyone have any lights about this???

    can you recommend any other maillist/newsgroup to discuss this issues??

    thanks!!

    Francisco R.


     
    Francisco Rivas, Jul 22, 2003
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.