(RADIATOR) radius assigned IP's - cisco 7206

Mike Greene mikeg at rockisland.com
Thu Jan 10 12:42:43 CST 2002 

Hello,

I'm trying to sort out a problem that I'm dealing with and was wondering if 
anybody else has been down this road before.

We currently have a users file that has one "Default" entry for all of our 
dynamic IP customers, and if we need to statically assign a customer an IP 
or subnet we create a specific profile for them.  This works great for our 
dial-up modem customers on PM3's and our 3COM TC's.

We have recently started providing aDSL services and we use a cisco 7206VXR 
to handle that, and that also has been working great with no modifications 
to our radius users file, customers get authenticated just as if they were 
dial-up customers and are assigned a dynamic IP from the IP POOL on the cisco.

Now I'm faced with DSL customers wanting static IP's.  I talked to cisco 
about this and since I'm doing PPPoE with VCI ranges and VPDN services they 
say I cannot simply create a new template etc.

What they are saying is the following:

>Remove the peer default ip address pool centurytel from the virtual
>template.
>
>On the radius server you would have a profile for one user that gets an ip
>address assigned. Then there is another profile that gets an ip address via
>a pool. In this profile you would use avpairs to reference pool centurytel
>on the 7200. So all users that log in w/ this username and pwd will then be
>assigned an ip address from the pool on the 7200.

I can deal with the static IP profile no problem, that is no different than 
what we do for static-ip dial-ups, but the majority of the dynamic-ip DSL 
customers I do not want to create a user profile for each customer as that 
would be a lot of overhead for us and it seems like we should be able to 
utilize a default entry much like we have now.

Ideally I would like to create a 2nd "default" profile and have that entry 
handle the requests coming from the cisco 7200.  I've never done this 
before but my gut feeling is that I have to add some sort of "nas 
identifier" to the radius profile and add the av-apairs statement to point 
to the cisco's address pool.

Am I on the right track here?



- Mike

------------------------------------------------
Rock Island Communications, Inc.  (360)-378-5884
http://www.rockisland.com/  San Juan Islands, WA
------------------------------------------------

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list