Cisco NAS and server side ip pool management

Thoralf Freitag thoralf.freitag at
Fri Feb 13 17:46:22 CET 2009

aaa new-model
aaa authentication login default local
aaa authentication ppp default group radius local
aaa accounting network default start-stop group radius
aaa authorization network default group radius

radius-server host <ip of radius> auth-port <authorization-port> acct-port 
<accounting-port> non-standard key <secret>

A local ip pool is not used, if your radius sends a FRAMED_IP-ADRESS. 
There is no difference if it is configured or not. Radius wins.
Thoralf Freitag
Manager Health Services System Administration

Phone:  +49 (0) 30 68905-4611
Cellular:+49 (0) 151 1631-4611
Fax:        +49 (0) 30 68905-2940
Mail:      Thoralf.Freitag at

Sebastian Krieger <skr at>
freeradius-users at
13.02.09 16:56
Cisco NAS and server side ip pool management
Sent by: at


for many hours now I am trying to configure a Cisco router as a NAS to 
authenticate dialup users against freeradius and provide the ip address 
dynamically from a server based ip pool.

The authentication part works fine and the ip address also gets selected 
from the pool and sent as Framed-IP-Address back to the NAS. The only 
thing is that the ip address seems not to be catched up by the NAS and 
provided to the dialup user. I test the dialup connection from a Windows 
XP machine with an ISDN card and there it always ends in an error 
message that the NAS didn't provide the IP information.

It is absolutely no problem to use a static ip pool on the Cisco router 
instead of a server based ip pool management.

Can someone please send me a working configuration example for a Cisco 
IOS based NAS?

List info/subscribe/unsubscribe? See

Woermannkehre 1, 12359 Berlin, Germany
Sitz der Gesellschaft: Berlin, Registergericht: Berlin HRA 6501

Vertreten durch ihre Komplementärin:
BIOTRONIK Mess- und Therapiegeräte GmbH
Sitz der Gesellschaft: Berlin, Registergericht: Berlin HRB 2918
Geschäftsführer: Dr. Max Schaldach, Christoph Böhmer, Dr. Werner Braun, 
Dr. Lothar Krings

This email and the information it contains including attachments are 
confidential and meant only for use by the intended recipient(s); 
disclosure or copying is strictly prohibited. If you are not addressed, 
but in the possession of this email, please notify the sender immediately 
and delete the document.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list