ippools; wasRE: Framed-IP-Address override NAS pool?

up at 3.am up at 3.am
Wed Jan 7 22:49:32 CET 2009

Sorry for the top-post, but I'm replying to myself and I want to keep my 
questions clear.  I tried creating two different "ippools" in the 
radiusd.conf using the different ranges I want to use, but the client 
ignored it and went only to the pool that the Cisco has.  I then changed 
the Cisco pool to include the entire range of IPs from both pools, but it 
still doesn't seem to recognize the FreeRadius pools, and defaults to 
whatever the first IP is in the Cisco pool.

I find the examples given in the radiusd.conf a little incomplete, but 
this is what I tried (IPs given are just examples)

         ippool users_pool {
                 range-start =
                 range-stop =
                 netmask =
                 cache-size = 251
                 session-db = ${db_dir}/db.ippool
                 ip-index = ${db_dir}/db.ipindex
                 override = yes

         ippool admin_pool {
                 range-start =
                 range-stop =
                 netmask =
                 cache-size = 251
                 session-db = ${db_dir}/db.ippool
                 ip-index = ${db_dir}/db.ipindex
                 override = yes

The above seems to be clear from the example...but the example for the 
raddb/users file is incomplete...here is what I tried:

testuser	Service-Type == Framed-User
 		Group == users, Pool-Name :="users_pool",
 		Framed-Protocol == PPP,
 		Framed-IP-Address =,
 		Framed-IP-Netmask =,
 		Framed-Compression = Van-Jacobson-TCP-IP

I'm a little unlcear about the "Group" attribute above, and whether it 
pertains to unix groups at all, which I haven't done anything to yet.  In 
any case, any pointers on how to make different users use different IP 
pools would be greatly appreciated.

On Wed, 7 Jan 2009, up at 3.am wrote:

> On Wed, 7 Jan 2009, Jeff Crowe wrote:
>> I was running into this problem on my Redback. The issue was the Redback
>> wanted an IP address in the same subnet so I had to setup as
>> a sub interface to allow subscribers to be assigned addresses in the
>> 192.168.1.x/24 range.  My Shasta was completely different and would allow
>> any IP address to be returned via radius and it would allow the IP to be
>> used.
> Ok, I just tried assigning a secondary IP from that subnet to faste0/0, since 
> I can't assign secondary IPs to the VirtualTemplate I/F, since it's IP 
> unnumbered eth0/0.  No go.  What I would expect from the Cisco, judging from 
> my past experience with AS5200s, is for it to allow radius to assign whatever 
> address it wants, but simply not route it until I fix that part of it, which 
> is fine.
> One fix I would think would start to work would be to simply add this new 
> subnet to the pool on the Cisco.  However, then the DEFAULT users would start 
> to assign from that pool as well, unless I figure out a way to force it to 
> assign from the first subnet.  If there's a way to force that, I'd appreciate 
> pointers.  I saw the "ippool" option, but I'm not clear how that co-exists 
> with the pool already configured on the Cisco.  Perhaps you need both, it's 
> just not clear to me.
> James Smallacombe		      PlantageNet, Inc. CEO and Janitor
> up at 3.am							    http://3.am
> =========================================================================
> -
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html

James Smallacombe		      PlantageNet, Inc. CEO and Janitor
up at 3.am							    http://3.am

More information about the Freeradius-Users mailing list