(RADIATOR) cisco-avpair for a route-map ?
Hugh Irvine
hugh at open.com.au
Mon Feb 4 16:33:19 CST 2008
Hello Kurt -
I think you are going to have to do some lab testing to see if/how
you can get this to work.
It really depends on whether the Cisco accepts a cisco-avpair to do
this (or not).
Has anyone on the list got any operational experience with this?
regards
Hugh
On 5 Feb 2008, at 09:08, Kurt Jaeger wrote:
> Dear radiator community,
>
> I have a question on adding a "ip policy route-map mymap" to
> a vpdn-generated interface using cisco-avpair radius attributes.
>
> First, why do I want to do this:
>
> Given the following fallback scenario:
>
> - customer has a fixed line (normal case), terminating on ourrouter1
> - customer has a dsl line (fallback case), terminating on otherrouter2
> - we have a tunnel from otherrouter2 to ourrouter1.
>
> otherrouter2 is located somewhere else (not inside our AS).
>
> If customer runs on fallback, we receive traffic from the internet
> to the customer and send it over the tunnel to otherrouter2.
>
> What happens to traffic sent from customer ? Normal case:
> He sends it to otherrouter2, which sends it out his default route.
>
> What we therefore need is the return traffic coming in from the
> fallback
> to go into our tunnel, so that we can handle both directions properly.
>
> Second, how can this be done ?
>
> http://www.cisco.com/univercd/cc/td/doc/product/software/
> ios122/122cgcr/fqos_c/fqcprt1/qcfpbr.htm
>
> says that we should define a route-map like this:
>
> --------------
> access-list 11 permit 205.206.207.0 0.0.0.255
>
> route-map mymap permit 10
> match ip address 11
> set ip next-hop <mytunnelendpoint>
> --------------
>
> For this, I want to assign a
>
> ip policy route-map mymap
>
> to the fallback dsl session.
>
> Would adding a
>
> Cisco-AVPair = "lcp:interface-config=ip policy route-map mymap"
>
> work ? Has anyone ever tried this ? Is there some other way to do
> this ?
>
> Thanks for any pointer.
>
> --
> pi at opsec.eu +49 171 3101372 12
> years to go !
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list