Configuration for Cisco DSL Users

DFN Systems Office office at dfn.com
Sat Sep 22 20:58:41 CEST 2007


I'm new both to freeradius and the *nix operating system. I have
successfully implemented freeradius for users dialing in through Portmaster3
Access Servers using FreeRadius 1.0.1-1 on Fedora.
I am currently authenticating DSL users locally on a Cisco 7206VXR Router. I
would like to authenticate the DSL users on the FreeRadius Server, but
attempts have been unsuccessful. The Accounting works. Even now with DSL
Users set to Auth locally on the Router, Radius is faithfully logging the
activity.

With Radius Auth, the DSL modem will not connect and I get no entry in the
Radius accounting log.
 
AAA Debug is virtually identical to the Local Auth output! The only
difference was the line "Method=local" changed to "Method=Radius".
 
Both log entry sets have Status = PASS and both show the virtual-access
change to up!
 
So now I'm thinking the AAA/Radius is working but I have a communications
issue. When a DSL user authenticates locally, he then gets an IP address
from the local pool on the Cisco. When the same DSL User authenticates on
Radius, all communication seems to stop.

Here are the relevant config sections from the Cisco.

aaa new-model
aaa authentication login default line [*currently set to local]
aaa authentication ppp default group radius local [see*above]
aaa authorization network default group radius local 
aaa accounting delay-start
aaa accounting network default start-stop group radius
interface Loopback1
 description DSL
 ip address 206.206.89.1 255.255.255.0 secondary
 ip address 206.206.88.161 255.255.255.240 secondary
 ip address 206.206.86.1 255.255.255.0
interface Virtual-Template2
 description DFN NEW Template
 ip unnumbered Loopback1
 ip mroute-cache
 peer default ip address pool OsoGranDSL OsoGranDsl2
 ppp authentication pap
radius-server host [omitted] auth-port 1645 acct-port 1646
radius-server host [omitted] auth-port 1645 acct-port 1646
radius-server key [omitted] 


Here's an example entry from my users file:
 
username  Auth-Type := Local, User-Password == "omitted"
      User-Service-Type = Framed-User,
      Framed-Protocol = PPP,
      Framed-Address = 255.255.255.254,
      Framed-Netmask = 255.255.255.255,
      Framed-Routing = Broadcast-Listen,
      Framed-Filter-Id = "std.ppp",
      Framed-MTU = 1500,
      Framed-Compression = Van-Jacobsen-TCP-IP

I think I'm close, and I have a hunch the users file settings that work for
PortMasters may not be good for Cisco. Any suggestions or sample configs
would be appreciated.

Bill Green
Dfn Systems



