Passing Radius attribute to Cisco 7304

Peter Nixon listuser at peternixon.net
Tue Aug 15 17:35:54 CEST 2006


Hmmm.. Well, as this is clearly a cisco problem and not FreeRADIUS (according 
to your logs) you will probably get more love from a cisco mailing list 
(cisco-nsp at puck.nether.net for example). I unfortunately have not come across 
the problem before.

Cheers

Peter


On Tue 15 Aug 2006 17:37, John Williams wrote:
> Yes I would agree normally.
> But we don't currently have a valid support contract for the Cisco so I'm
> hoping someone may have come across this before or maybe familiar with the
> 7304.
>
> John
>
> > -----Original Message-----
> > From: freeradius-users-
> > bounces+john.williams=eurisp.co.uk at lists.freeradius.org
> > [mailto:freeradius-users-
> > bounces+john.williams=eurisp.co.uk at lists.freeradius.org] On Behalf Of
> > Peter Nixon
> > Sent: 15 August 2006 15:21
> > To: FreeRadius users mailing list
> > Subject: Re: Passing Radius attribute to Cisco 7304
> >
> > Hi John
> >
> > This looks like something you should take up with Cisco TAC as the cisco
> > quite
> > clearly says thats its not applying the attribute you are sending it.
> >
> > Cheers
> >
> > Peter
> >
> > On Tue 15 Aug 2006 16:18, John Williams wrote:
> > > Ok for some reason the whole email I typed didn't send, just the first
> > > line. Lets try again.
> > >
> > > Right we have just upgraded our 7204 to a 7304.
> > > We just copied the config across to the 7304 more or less.
> > >
> > > We send a Radius attribute to certain users that will assign a route
> > > map
> >
> > to
> >
> > > direct their web traffic to our proxy server. This worked fine on the
> >
> > 7204
> >
> > > but no longer does on the 7304.
> > >
> > > The attribute we send is:
> > >
> > > ##
> > > ip policy route-map proxy-redirect
> > > ##
> > >
> > >
> > > Which assigns the route map:
> > >
> > >
> > > ##
> > > route-map proxy-redirect-new permit 10
> > >  match ip address 110
> > >  set ip next-hop 192.168.1.33
> > > ##
> > >
> > >
> > > Which is controlled by the access list:
> > >
> > >
> > >
> > > ##
> > > access-list 110 deny   ip 192.168.1.0 0.0.0.15 any
> > > access-list 110 permit tcp any any eq www
> > > access-list 110 deny   ip any any
> > > ##
> > >
> > >
> > > The Radius debug on the router shows:
> > >
> > >
> > > ##
> > > RADIUS: cisco AVPair "lcp:interface-config= ip policy route-map
> > > proxy-redirect" not applied for ip
> > > ##
> > >
> > >
> > > Not sure why it's no longer assigning the route map.
> > > If I do a " show derived-config interface <virtual Interface>" for the
> >
> > user
> >
> > > that should be assigned the route map it doesn't show it being
> > > assigned. Likewise our proxy logs no longer show anyone accessing the
> > > proxy.
> > >
> > > Has anyone got any ideas or come across the error before when assign
> >
> > Radius
> >
> > > attributes to a user?
> > >
> > > Thanks
> > > John
> > >
> > > > -----Original Message-----
> > > > From: freeradius-users-
> > > > bounces+john.williams=eurisp.co.uk at lists.freeradius.org
> > > > [mailto:freeradius-users-
> > > > bounces+john.williams=eurisp.co.uk at lists.freeradius.org] On Behalf Of
> > > > John Williams
> > > > Sent: 15 August 2006 08:15
> > > > To: freeradius-users at lists.freeradius.org
> > > > Subject: Passing Radius attribute to Cisco 7304
> > > >
> > > > Hi all
> > > >
> > > > We’ve just upgraded to a Cisco 7304 from a Cisco 7204 and are seeing
> >
> > some
> >
> > > > problems
> > > >
> > > > --
> > > > No virus found in this outgoing message.
> > > > Checked by AVG Free Edition.
> > > > Version: 7.1.405 / Virus Database: 268.10.9/417 - Release Date:
> > > > 11/08/2006
> > > >
> > > >
> > > >
> > > > -
> > > > List info/subscribe/unsubscribe? See
> > > > http://www.freeradius.org/list/users.html
> > > >
> > > > --
> > > > No virus found in this incoming message.
> > > > Checked by AVG Free Edition.
> > > > Version: 7.1.405 / Virus Database: 268.10.9/417 - Release Date:
> > > > 11/08/2006
> >
> > --
> >
> > Peter Nixon
> > http://www.peternixon.net/
> > PGP Key: http://www.peternixon.net/public.asc
> >
> > --
> > No virus found in this incoming message.
> > Checked by AVG Free Edition.
> > Version: 7.1.405 / Virus Database: 268.10.9/417 - Release Date:
> > 11/08/2006

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060815/4de72846/attachment.pgp>


More information about the Freeradius-Users mailing list