R: Cisco VRF + Radius

tnt at kalik.co.yu
Mon Jul 9 15:10:06 CEST 2007


You don't need to set up vrf templates if everyone is going to use the
default radius server and default authentication and authorization
groups. It's optional.

What do debug radius and debug ppp negotiation on Cisco say about why
the Framed-IP-Address was rejected? If it fails on IPCP then your route
is the problem. Since it all goes well without it ...

Ivan Kalik
Kalik Informatika ISP


On 9/7/2007, "Francesco Cristofori" <f.cristofori at satcom.it> wrote:

>> Putting a User into a certain VRF is quite simple:
>>
>> vrfuser User-Password == "topsecret"
>>         Cisco-AVPair += "lcp:interface-config#1=ip vrf forwarding \
>>                                                            VRFNAME",
>
>Thank you Gerald, this is what I need to do.
>
>I tried using this method, but I end up with access-accept reply (from radiusd -X) like this:
>
>Sending Access-Accept of id 20 to x.y.159.252 port 1645
>        Service-Type = Framed-User
>        Framed-Protocol = PPP
>        Framed-IP-Netmask = 255.255.255.255
>        Ascend-Client-Primary-DNS = x.y.z.1
>        Ascend-Client-Secondary-DNS = x.y.z.2
>        Session-Timeout = 20000
>        Cisco-AVPair = "lcp:interface-config#1=ip vrf forwarding Satcom"
>        Framed-IP-Address = x.y.129.239
>
>This seems correct to me, but the NAS ignores the Framed-IP-Address so the CPE never gets an IP address.
>The IP address is taken from an ippool, the other attributes are stored in sql, everything works fine without that cisco-avpair attribute.
>
>Any hint?
>
>Thanks in advance,
>	Francesco.