cisco 7206 as (B|N)AS and per-user configuration

Discussion in 'Cisco' started by arne, Nov 29, 2005.

  1. arne

    arne Guest


    I'm using an 7206 as BRAS behind an IP based DSLAM
    PPPoE sessions are terminated against radius properly.
    Specific radius attributes in request-accept are received by cisco
    (debugging comfirms) but ignored
    for example the framed-route and framed-ip-address.
    Although I give fixed ip through framed-ip-address, users still get an IP
    out the dialpool pool, subnetrouting is ignored.

    Following radius attributes are used in a live system with redback as BAS,
    but don't seem to work on the cisco

    What have I forgotten?

    DEFAULT Auth-Type = External, Hint = "adslppp", Huntgroup-Name=cisco-bas
    Exec-Program-Wait = "/path/to/some/",
    Service-Type = Framed,
    Framed-Protocol = PPP,
    Framed-Compression = Van-Jacobson-TCP-IP,
    Framed-Route = " 150",
    Framed-IP-Address =,
    Port-Limit = 2,
    Framed-IP-Netmask =,
    Framed-Routing = None,
    Fall-Through = 0

    config of cisco

    aaa new-model
    aaa group server radius dsl
    server auth-port 1812 acct-port 1813
    authorization reply reject none
    aaa authentication login default local
    aaa authentication ppp default group dsl
    aaa accounting network default start-stop group dsl
    aaa session-id unique
    vpdn enable
    vpdn ip udp ignore checksum
    vpdn-group 1
    protocol pppoe
    virtual-template 1
    interface FastEthernet0/0
    no ip address
    duplex half
    interface FastEthernet0/0.101
    encapsulation dot1Q 101
    ip address
    no ip redirects
    no ip proxy-arp
    ip accounting access-violations
    no snmp trap link-status
    pppoe enable
    no cdp enable

    interface Virtual-Template1
    ip address
    peer pool backup
    peer default ip address pool dialpool
    ppp authentication chap

    ip local pool dialpool

    radius-server attribute list none
    attribute 69
    radius-server attribute 31 mac format unformatted
    radius-server host auth-port 1812 acct-port 1813 key....
    radius-server unique-ident 6
    radius-server vsa send accounting
    radius-server vsa send authentication
    arne, Nov 29, 2005
    1. Advertisements

  2. as i remember ip adresses and other per-user-attributes where
    processed through "authorization":

    aaa authentication login default local
    aaa authentication ppp default group dsl
    aaa authorization network default group dsl

    Gerald Krause, Nov 29, 2005
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.