Passing Radius attribute to Cisco 7304

Peter Nixon listuser at peternixon.net
Tue Aug 15 16:21:11 CEST 2006 

Hi John

This looks like something you should take up with Cisco TAC as the cisco quite 
clearly says thats its not applying the attribute you are sending it.

Cheers

Peter

On Tue 15 Aug 2006 16:18, John Williams wrote:
> Ok for some reason the whole email I typed didn't send, just the first
> line. Lets try again.
>
> Right we have just upgraded our 7204 to a 7304.
> We just copied the config across to the 7304 more or less.
>
> We send a Radius attribute to certain users that will assign a route map to
> direct their web traffic to our proxy server. This worked fine on the 7204
> but no longer does on the 7304.
>
> The attribute we send is:
>
> ##
> ip policy route-map proxy-redirect
> ##
>
>
> Which assigns the route map:
>
>
> ##
> route-map proxy-redirect-new permit 10
>  match ip address 110
>  set ip next-hop 192.168.1.33
> ##
>
>
> Which is controlled by the access list:
>
>
>
> ##
> access-list 110 deny   ip 192.168.1.0 0.0.0.15 any
> access-list 110 permit tcp any any eq www
> access-list 110 deny   ip any any
> ##
>
>
> The Radius debug on the router shows:
>
>
> ##
> RADIUS: cisco AVPair "lcp:interface-config= ip policy route-map
> proxy-redirect" not applied for ip
> ##
>
>
> Not sure why it's no longer assigning the route map.
> If I do a " show derived-config interface <virtual Interface>" for the user
> that should be assigned the route map it doesn't show it being assigned.
> Likewise our proxy logs no longer show anyone accessing the proxy.
>
> Has anyone got any ideas or come across the error before when assign Radius
> attributes to a user?
>
> Thanks
> John
>
> > -----Original Message-----
> > From: freeradius-users-
> > bounces+john.williams=eurisp.co.uk at lists.freeradius.org
> > [mailto:freeradius-users-
> > bounces+john.williams=eurisp.co.uk at lists.freeradius.org] On Behalf Of
> > John Williams
> > Sent: 15 August 2006 08:15
> > To: freeradius-users at lists.freeradius.org
> > Subject: Passing Radius attribute to Cisco 7304
> >
> > Hi all
> >
> > We’ve just upgraded to a Cisco 7304 from a Cisco 7204 and are seeing some
> > problems
> >
> > --
> > No virus found in this outgoing message.
> > Checked by AVG Free Edition.
> > Version: 7.1.405 / Virus Database: 268.10.9/417 - Release Date:
> > 11/08/2006
> >
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
> > --
> > No virus found in this incoming message.
> > Checked by AVG Free Edition.
> > Version: 7.1.405 / Virus Database: 268.10.9/417 - Release Date:
> > 11/08/2006

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060815/0139841e/attachment.pgp>

More information about the Freeradius-Users mailing list