Passing Radius attribute to Cisco 7304
John Williams
john.williams at eurisp.co.uk
Tue Aug 15 16:37:14 CEST 2006
Yes I would agree normally.
But we don't currently have a valid support contract for the Cisco so I'm
hoping someone may have come across this before or maybe familiar with the
7304.
John
> -----Original Message-----
> From: freeradius-users-
> bounces+john.williams=eurisp.co.uk at lists.freeradius.org
> [mailto:freeradius-users-
> bounces+john.williams=eurisp.co.uk at lists.freeradius.org] On Behalf Of
> Peter Nixon
> Sent: 15 August 2006 15:21
> To: FreeRadius users mailing list
> Subject: Re: Passing Radius attribute to Cisco 7304
>
> Hi John
>
> This looks like something you should take up with Cisco TAC as the cisco
> quite
> clearly says thats its not applying the attribute you are sending it.
>
> Cheers
>
> Peter
>
> On Tue 15 Aug 2006 16:18, John Williams wrote:
> > Ok for some reason the whole email I typed didn't send, just the first
> > line. Lets try again.
> >
> > Right we have just upgraded our 7204 to a 7304.
> > We just copied the config across to the 7304 more or less.
> >
> > We send a Radius attribute to certain users that will assign a route map
> to
> > direct their web traffic to our proxy server. This worked fine on the
> 7204
> > but no longer does on the 7304.
> >
> > The attribute we send is:
> >
> > ##
> > ip policy route-map proxy-redirect
> > ##
> >
> >
> > Which assigns the route map:
> >
> >
> > ##
> > route-map proxy-redirect-new permit 10
> > match ip address 110
> > set ip next-hop 192.168.1.33
> > ##
> >
> >
> > Which is controlled by the access list:
> >
> >
> >
> > ##
> > access-list 110 deny ip 192.168.1.0 0.0.0.15 any
> > access-list 110 permit tcp any any eq www
> > access-list 110 deny ip any any
> > ##
> >
> >
> > The Radius debug on the router shows:
> >
> >
> > ##
> > RADIUS: cisco AVPair "lcp:interface-config= ip policy route-map
> > proxy-redirect" not applied for ip
> > ##
> >
> >
> > Not sure why it's no longer assigning the route map.
> > If I do a " show derived-config interface <virtual Interface>" for the
> user
> > that should be assigned the route map it doesn't show it being assigned.
> > Likewise our proxy logs no longer show anyone accessing the proxy.
> >
> > Has anyone got any ideas or come across the error before when assign
> Radius
> > attributes to a user?
> >
> > Thanks
> > John
> >
> > > -----Original Message-----
> > > From: freeradius-users-
> > > bounces+john.williams=eurisp.co.uk at lists.freeradius.org
> > > [mailto:freeradius-users-
> > > bounces+john.williams=eurisp.co.uk at lists.freeradius.org] On Behalf Of
> > > John Williams
> > > Sent: 15 August 2006 08:15
> > > To: freeradius-users at lists.freeradius.org
> > > Subject: Passing Radius attribute to Cisco 7304
> > >
> > > Hi all
> > >
> > > We’ve just upgraded to a Cisco 7304 from a Cisco 7204 and are seeing
> some
> > > problems
> > >
> > > --
> > > No virus found in this outgoing message.
> > > Checked by AVG Free Edition.
> > > Version: 7.1.405 / Virus Database: 268.10.9/417 - Release Date:
> > > 11/08/2006
> > >
> > >
> > >
> > > -
> > > List info/subscribe/unsubscribe? See
> > > http://www.freeradius.org/list/users.html
> > >
> > > --
> > > No virus found in this incoming message.
> > > Checked by AVG Free Edition.
> > > Version: 7.1.405 / Virus Database: 268.10.9/417 - Release Date:
> > > 11/08/2006
>
> --
>
> Peter Nixon
> http://www.peternixon.net/
> PGP Key: http://www.peternixon.net/public.asc
>
> --
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.1.405 / Virus Database: 268.10.9/417 - Release Date: 11/08/2006
>
>
--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.405 / Virus Database: 268.10.9/417 - Release Date: 11/08/2006
More information about the Freeradius-Users
mailing list