Configuration for Cisco DSL Users

tnt at kalik.co.yu tnt at kalik.co.yu
Sat Sep 22 23:05:36 CEST 2007


You will need to do debug ppp negotiation to see whether IP address allocation
is the problem. If it is, you can always use Freeradius ippool (or
sqlippool in the latest versions) to allocate IPs.

Ivan Kalik
Kalik Informatika ISP


On 22/9/2007, "DFN Systems Office" <office at dfn.com> wrote:

>I'm new both to freeradius and the *nix operating system. I have
>successfully implemented freeradius for users dialing in through Portmaster3
>Access Servers using FreeRadius 1.0.1-1 on Fedora.
>I am currently authenticating DSL users locally on a Cisco 7206VXR Router. I
>would like to authenticate the DSL users on the FreeRadius Server, but
>attempts have been unsuccessful. The Accounting works. Even now with DSL
>Users set to Auth locally on the Router, Radius is faithfully logging the
>activity.
>
>With Radius Auth, the DSL modem will not connect and I get no entry in the
>Radius accounting log.
>
>AAA Debug is virtually Identical to the Local Auth output! The only
>difference was the line "Method=local" changed to "Method=Radius".
>
>Both log entry sets have Status = PASS and both show the virtual-access
>change to up!
>
>So now I'm thinking the AAA/Radius is working but I have a communications
>issue. When a DSL user authenticates locally, he then gets an IP address
>from the local pool on the Cisco. When the same DSL User authenticates on
>Radius, all communication seems to stop.
>
>Here are the relevant config sections from the Cisco.
>
>aaa new-model
>aaa authentication login default line [*currently set to local]
>aaa authentication ppp default group radius local [see*above]
>aaa authorization network default group radius local
>aaa accounting delay-start
>aaa accounting network default start-stop group radius
>interface Loopback1
> description DSL
> ip address 206.206.89.1 255.255.255.0 secondary
> ip address 206.206.88.161 255.255.255.240 secondary
> ip address 206.206.86.1 255.255.255.0
>interface Virtual-Template2
> description DFN NEW Template
> ip unnumbered Loopback1
> ip mroute-cache
> peer default ip address pool OsoGranDSL OsoGranDsl2
> ppp authentication pap
>radius-server host [omitted] auth-port 1645 acct-port 1646
>radius-server host [omitted] auth-port 1645 acct-port 1646
>radius-server key [omitted]
>
>
>Here's an example entry from my users file:
>
>username  Auth-Type := Local, User-Password == "omitted"
>      User-Service-Type = Framed-User,
>      Framed-Protocol = PPP,
>      Framed-Address = 255.255.255.254,
>      Framed-Netmask = 255.255.255.255,
>      Framed-Routing = Broadcast-Listen,
>      Framed-Filter-Id = "std.ppp",
>      Framed-MTU = 1500,
>      Framed-Compression = Van-Jacobsen-TCP-IP
>
>I think I'm close, and I have a hunch the users file settings that work for
>PortMasters may not be good for Cisco. Any suggestions or sample configs
>would be appreciated.
>
>Bill Green
>Dfn Systems
>
>
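The check suggested in the reply, as an added example that is not part of the original thread: a Python script that reads the IPCP lines of a `debug ppp negotiation` capture and reports whether the router ever offered the peer an address. The two captures are constructed, their line layout is an assumption modeled on typical IOS debug output, and the function and verdict names are hypothetical.

```python
import re

# Packet header, e.g. "Vi3 IPCP: O CONFNAK [REQsent] id 2 len 10"
PKT = re.compile(r"IPCP: ([IO]) (CONF\w+|TERM\w+) ")
# Option line, e.g. "Vi3 IPCP:    Address 192.0.2.10 (0x0306C000020A)"
ADDR = re.compile(r"IPCP:\s+Address (\d+\.\d+\.\d+\.\d+)")

def ipcp_verdict(log):
    """Return (verdict, address) for the IPCP exchange in a debug capture."""
    last = offered = acked = None
    opened = False
    for line in log.splitlines():
        pkt, addr = PKT.search(line), ADDR.search(line)
        if pkt:
            last = pkt.groups()            # (direction, packet type)
        elif addr and last == ("O", "CONFNAK"):
            offered = addr.group(1)        # address the router proposes to the peer
        elif addr and last == ("O", "CONFACK"):
            acked = addr.group(1)          # peer's address the router accepted
        elif "IPCP: State is Open" in line:
            opened = True
    if opened and acked not in (None, "0.0.0.0"):
        return "address-assigned", acked
    if offered in (None, "0.0.0.0"):
        return "no-address-offered", None  # allocation is the problem
    return "offered-but-not-open", offered

# Constructed captures (not from the thread); addresses are documentation ranges.
GOOD = """\
Vi3 IPCP: I CONFREQ [REQsent] id 1 len 10
Vi3 IPCP:    Address 0.0.0.0 (0x030600000000)
Vi3 IPCP: O CONFNAK [REQsent] id 1 len 10
Vi3 IPCP:    Address 192.0.2.10 (0x0306C000020A)
Vi3 IPCP: I CONFREQ [REQsent] id 2 len 10
Vi3 IPCP:    Address 192.0.2.10 (0x0306C000020A)
Vi3 IPCP: O CONFACK [REQsent] id 2 len 10
Vi3 IPCP:    Address 192.0.2.10 (0x0306C000020A)
Vi3 IPCP: State is Open
"""
BAD = """\
Vi3 IPCP: I CONFREQ [REQsent] id 1 len 10
Vi3 IPCP:    Address 0.0.0.0 (0x030600000000)
Vi3 IPCP: O CONFREJ [REQsent] id 1 len 10
Vi3 IPCP:    Address 0.0.0.0 (0x030600000000)
Vi3 IPCP: O TERMREQ [REQsent] id 2 len 4
"""

if __name__ == "__main__":
    print(ipcp_verdict(GOOD), ipcp_verdict(BAD))
```

A "no-address-offered" verdict alongside a passing AAA debug points at address allocation rather than authentication.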



