VRF config from v2 to v3
aland at deployingradius.com
Mon Aug 23 17:27:20 CEST 2021
On Aug 23, 2021, at 11:17 AM, Richard Mealing <richard at fastnet.co.uk> wrote:
> 'Basically' this - Cisco NAS's will kick users who assign a VRF after assigning an IP address. The VRF must come first.
> All users authenticate and radreply works apart from vrf users. We are using cisco NAS. For example -
> | 26726947 | someuser at myrealm | Framed-IP-Address | = | 192.168.173.100 |
> | 26726948 | someuser at myrealm | Cisco-AVPair | += | ip:vrf-id=myVRF |
> | 26726949 | someuser at myrealm | Cisco-AVPair | += | ip:ip-unnumbered=Loopback 19 |
> | 26726950 | someuser at myrealm | Cisco-AVPair | += | ip:route=192.168.6.0 255.255.255.0 |
That will work.
> This came up at the last minute so I have not had time to debug, I just wondered if someone knew a quick fix!
Simple solutions are the best.
The "extra" operators just aren't necessary. i.e. It's not clear to my why people would create a configuration which does "add A, B, and C. OOPS! I forgot D! Add it before A"
Just create the configuration *correctly* in the first place. It's ever so much easier.
More information about the Freeradius-Users