1. Home
  2. Cisco Systems
  3. cisco 7206 as (B|N)AS and per-user configuration

cisco 7206 as (B|N)AS and per-user configuration

Hi

I'm using an 7206 as BRAS behind an IP based DSLAM PPPoE sessions are terminated against radius properly. Specific radius attributes in request-accept are received by cisco (debugging comfirms) but ignored for example the framed-route and framed-ip-address. Although I give fixed ip through framed-ip-address, users still get an IP out the dialpool pool, subnetrouting is ignored.

Following radius attributes are used in a live system with redback as BAS, but don't seem to work on the cisco

What have I forgotten?

DEFAULT Auth-Type = External, Hint = "adslppp", Huntgroup-Name=cisco-bas Exec-Program-Wait = "/path/to/some/script.pl", Service-Type = Framed, Framed-Protocol = PPP, Framed-Compression = Van-Jacobson-TCP-IP, Framed-Route = "192.168.64.0 255.255.255.192 192.168.83.131 150", Framed-IP-Address = 192.168.83.139, Port-Limit = 2, Framed-IP-Netmask = 255.255.255.255, Framed-Routing = None, Fall-Through = 0

config of cisco

aaa new-model ! ! ! aaa group server radius dsl server 192.168.64.161 auth-port 1812 acct-port 1813 authorization reply reject none ! aaa authentication login default local aaa authentication ppp default group dsl aaa accounting network default start-stop group dsl ! aaa session-id unique vpdn enable vpdn ip udp ignore checksum ! vpdn-group 1 accept-dialin protocol pppoe virtual-template 1 ! ! interface FastEthernet0/0 no ip address duplex half ! interface FastEthernet0/0.101 encapsulation dot1Q 101 ip address 192.168.3.3 255.255.255.0 no ip redirects no ip proxy-arp ip accounting access-violations no snmp trap link-status pppoe enable no cdp enable

! interface Virtual-Template1 ip address 192.168.83.129 255.255.255.192 peer pool backup peer default ip address pool dialpool ppp authentication chap

ip local pool dialpool 192.168.83.130 192.168.83.190

! radius-server attribute list none attribute 69 ! radius-server attribute 31 mac format unformatted radius-server host 192.168.64.161 auth-port 1812 acct-port 1813 key.... radius-server unique-ident 6 radius-server vsa send accounting radius-server vsa send authentication

Reply to
arne
Loading thread data ...

as i remember ip adresses and other per-user-attributes where processed through "authorization":

! aaa authentication login default local aaa authentication ppp default group dsl aaa authorization network default group dsl ...

--gerald

Reply to
Gerald Krause

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.