cisco 7206 as (B|N)AS and per-user configuration

Discussion in 'Cisco' started by arne, Nov 29, 2005.

  1. arne


    Hi

    I'm using a 7206 as BRAS behind an IP-based DSLAM.
    PPPoE sessions are terminated against radius properly.
    Specific radius attributes in request-accept are received by cisco
    (debugging confirms) but ignored,
    for example the framed-route and framed-ip-address.
    Although I give a fixed IP through framed-ip-address, users still get an IP
    out of the dialpool pool, and subnet routing is ignored.

    Following radius attributes are used in a live system with redback as BAS,
    but don't seem to work on the cisco

    What have I forgotten?


    DEFAULT Auth-Type = External, Hint = "adslppp", Huntgroup-Name=cisco-bas
    Exec-Program-Wait = "/path/to/some/script.pl",
    Service-Type = Framed,
    Framed-Protocol = PPP,
    Framed-Compression = Van-Jacobson-TCP-IP,
    Framed-Route = "192.168.64.0 255.255.255.192 192.168.83.131 150",
    Framed-IP-Address = 192.168.83.139,
    Port-Limit = 2,
    Framed-IP-Netmask = 255.255.255.255,
    Framed-Routing = None,
    Fall-Through = 0


    config of cisco

    aaa new-model
    !
    !
    !
    aaa group server radius dsl
    server 192.168.64.161 auth-port 1812 acct-port 1813
    authorization reply reject none
    !
    aaa authentication login default local
    aaa authentication ppp default group dsl
    aaa accounting network default start-stop group dsl
    !
    aaa session-id unique
    vpdn enable
    vpdn ip udp ignore checksum
    !
    vpdn-group 1
    accept-dialin
    protocol pppoe
    virtual-template 1
    !
    !
    interface FastEthernet0/0
    no ip address
    duplex half
    !
    interface FastEthernet0/0.101
    encapsulation dot1Q 101
    ip address 192.168.3.3 255.255.255.0
    no ip redirects
    no ip proxy-arp
    ip accounting access-violations
    no snmp trap link-status
    pppoe enable
    no cdp enable

    !
    interface Virtual-Template1
    ip address 192.168.83.129 255.255.255.192
    peer pool backup
    peer default ip address pool dialpool
    ppp authentication chap

    ip local pool dialpool 192.168.83.130 192.168.83.190

    !
    radius-server attribute list none
    attribute 69
    !
    radius-server attribute 31 mac format unformatted
    radius-server host 192.168.64.161 auth-port 1812 acct-port 1813 key....
    radius-server unique-ident 6
    radius-server vsa send accounting
    radius-server vsa send authentication
     
    arne, Nov 29, 2005
    #1

  2. As I remember, IP addresses and other per-user attributes were
    processed through "authorization":

    !
    aaa authentication login default local
    aaa authentication ppp default group dsl
    aaa authorization network default group dsl
    ....


    --gerald
     
    Gerald Krause, Nov 29, 2005
    #2
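
The check suggested in reply #2, as an added example that is not part of the original thread: a small Python lint that reports PPP authentication method lists backed by a RADIUS server group that have no `aaa authorization network` list of the same name. The function names are hypothetical, the sample is constructed from the AAA lines posted in #1, and matching the two lists by name is a simplifying assumption.

```python
import re

# Constructed sample: the AAA-relevant lines from the configuration in post #1.
SAMPLE_CONFIG = """\
aaa new-model
aaa group server radius dsl
 server 192.168.64.161 auth-port 1812 acct-port 1813
aaa authentication login default local
aaa authentication ppp default group dsl
aaa accounting network default start-stop group dsl
interface Virtual-Template1
 peer default ip address pool dialpool
 ppp authentication chap
"""

AAA_RE = re.compile(r"^aaa (authentication ppp|authorization network)\s+(\S+)\s+(.+)$")

def aaa_lists(config):
    """Collect method lists as {kind: {list_name: [method tokens]}}."""
    found = {"authentication ppp": {}, "authorization network": {}}
    for line in config.splitlines():
        m = AAA_RE.match(line.strip())
        if m:
            found[m.group(1)][m.group(2)] = m.group(3).split()
    return found

def radius_groups(config):
    """Named RADIUS server groups plus the built-in 'radius' group."""
    groups = set(re.findall(r"^aaa group server radius (\S+)", config, re.M))
    groups.add("radius")
    return groups

def missing_network_authorization(config):
    """PPP authentication lists using RADIUS with no same-named
    'aaa authorization network' list that also uses RADIUS (assumption:
    the interface uses identically named lists, here both 'default')."""
    lists, groups = aaa_lists(config), radius_groups(config)

    def uses_radius(methods):
        return any(a == "group" and b in groups for a, b in zip(methods, methods[1:]))

    return sorted(
        name for name, methods in lists["authentication ppp"].items()
        if uses_radius(methods)
        and not uses_radius(lists["authorization network"].get(name, []))
    )

if __name__ == "__main__":
    for name in missing_network_authorization(SAMPLE_CONFIG):
        print(f"PPP list '{name}': no 'aaa authorization network {name} group ...' line")
```
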