Cisco ignores Framed-IP-Address from freeradius
Fred
frederic_gilloteau at yahoo.fr
Tue Jul 7 12:47:48 CEST 2009
Hi James,
Thank you for your reply!
I tried many aaa configurations but it does not solve the problem for me
Using 'debug radius' and 'debug isakmp error' on the CISCO, I can see that
it complains about "Unknown attr 0x4E24, 0x4E25, ..." and then ISAKMP also
complains with the same attributes CONFIG_MODE_UNKNOWN 0x4E24 ...
-----Message d'origine-----
De :
freeradius-users-bounces+frederic_gilloteau=yahoo.fr at lists.freeradius.org
[mailto:freeradius-users-bounces+frederic_gilloteau=yahoo.fr at lists.freeradiu
s.org] De la part de up at 3.am
Envoyé : lundi 6 juillet 2009 17:38
À : FreeRadius users mailing list
Objet : Re: Cisco ignores Framed-IP-Address from freeradius
On Mon, 6 Jul 2009, Gilloteau Frederic wrote:
> Hello,
I use freeradius 2.1.1-7 and a CISCO router (IOS 12.4(6)T9) to provide VPN
connections.
and the CISCO router gets it ...
.. but never assign it to remote users, the cisco router assigns an IP
address from its local pool.
The interesting lines of my cisco configuration are :
aaa new-model
!
!
aaa authentication login ClientAuth group radius
aaa authorization network ClientAuth group radius local
aaa accounting delay-start
aaa accounting network ClientAuth start-stop group radius
I had a similar problem...it was with my aaa config. Try:
aaa authentication login default local group radius
aaa authentication ppp default group radius local
aaa authorization exec default local
aaa authorization network default group radius local
James Smallacombe PlantageNet, Inc. CEO and Janitor
up at 3.am http://3.am
=========================================================================
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list