(RADIATOR) radius assigned IP's - cisco 7206

Hugh Irvine hugh at open.com.au
Thu Jan 10 18:55:26 CST 2002


Hello Mike -

On Fri, 11 Jan 2002 05:42, Mike Greene wrote:
> Hello,
>
> I'm trying to sort out a problem that I'm dealing with and was wondering if
> anybody else has been down this road before.
>
> We currently have a users file that has one "Default" entry for all of our
> dynamic IP customers, and if we need to statically assign a customer an IP
> or subnet we create a specific profile for them.  This works great for our
> dial-up modem customers on PM3's and our 3COM TC's.
>
> We have recently started providing aDSL services and we use a cisco 7206VXR
> to handle that, and that also has been working great with no modifications
> to our radius users file, customers get authenticated just as if they were
> dial-up customers and are assigned a dynamic IP from the IP POOL on the
> cisco.
>
> Now I'm faced with DSL customers wanting static IP's.  I talked to cisco
> about this and since I'm doing PPPoE with VCI ranges and VPDN services they
> say I cannot simply create a new template etc.
>
> What they are saying is the following:
> >Remove the peer default ip address pool centurytel from the virtual
> >template.
> >
> >On the radius server you would have a profile for one user that gets an ip
> >address assigned. Then there is another profile that gets an ip address
> > via a pool. In this profile you would use avpairs to reference pool
> > centurytel on the 7200. So all users that log in w/ this username and pwd
> > will then be assigned an ip address from the pool on the 7200.
>
> I can deal with the static IP profile no problem, that is no different than
> what we do for static-ip dial-ups, but the majority of the dynamic-ip DSL
> customers I do not want to create a user profile for each customer as that
> would be a lot of overhead for us and it seems like we should be able to
> utilize a default entry much like we have now.
>
> Ideally I would like to create a 2nd "default" profile and have that entry
> handle the requests coming from the cisco 7200.  I've never done this
> before but my gut feeling is that I have to add some sort of "nas
> identifier" to the radius profile and add the av-pairs statement to point
> to the cisco's address pool.
>

Probably the simplest way to do this is with Handlers.

Something like this:

# define Clients

<Client .....>
	Identifier cisco7200
	......
</Client>

<Client ......>
	......
</Client>

# define AuthBy clauses

<AuthBy ....>
	Identifier cisco7200auth
	......
</AuthBy>

<AuthBy ....>
	Identifier standardauth
	.....
</AuthBy>

# define Handlers

<Handler Client-Identifier=cisco7200>
	AuthBy cisco7200auth
	......
</Handler>

<Handler>
	AuthBy standardauth
	......
</Handler>


If you have any questions please ask.

regards

Hugh


-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
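
The Handler layout sketched in the reply above, filled in as an added example; it is not part of the original message and is not Open System Consultants' own configuration. The addresses, secrets, the users-dsl file name, the dsl-static-1 user and the choice of AuthBy FILE are assumptions made for illustration; only the Identifier names and the pool name centurytel come from the thread.

```conf
# Added example: every address, secret and file name here is a placeholder.

# The 7206VXR. Radiator selects the Client clause by the source address of
# the request, so the Identifier below is set by the server and not by any
# attribute the NAS puts in the packet.
<Client 192.0.2.1>
	Secret CHANGE-ME-7200
	Identifier cisco7200
</Client>

# A dial-up NAS (PM3 or TC). It has no Identifier, so its requests fall
# through to the last Handler.
<Client 192.0.2.2>
	Secret CHANGE-ME-DIALUP
</Client>

# DSL users file (hypothetical name users-dsl).
<AuthBy FILE>
	Identifier cisco7200auth
	Filename %D/users-dsl
</AuthBy>

# The existing users file with the current Default entry.
<AuthBy FILE>
	Identifier standardauth
	Filename %D/users
</AuthBy>

# Handlers are tried in the order they appear and the first match is used,
# so the specific Handler goes before the catch-all.
<Handler Client-Identifier=cisco7200>
	AuthBy cisco7200auth
</Handler>

<Handler>
	AuthBy standardauth
</Handler>

# Sketch of users-dsl (a separate file, shown as comments):
#
#   dsl-static-1  User-Password = "CHANGE-ME"
#                 Framed-IP-Address = 192.0.2.10
#
#   DEFAULT       <check items copied from the existing Default entry>
#                 cisco-avpair = "ip:addr-pool=centurytel"
```

With the peer default pool removed from the virtual template as Cisco suggested, a static user gets Framed-IP-Address and everyone else matches DEFAULT and is pointed at the pool on the 7200.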