03-10-2003 06:39 AM - edited 03-02-2019 05:44 AM
Hello,
One of my customers would like to configure a 3640 routers with 1 module NM-18DM like that :
Depending on the authentification login/passwd, the router provides 1 ip address belonging to a different ip address pool.
All users are coming from an analogical line; so every user uses the interface Group-Async1. In my mind, every remote users is using interface Group-Async1 to receive their ip address from the same pool. Is-it true ?
It is possible to do someting (using dialer profile) in order that such as the authentification, the ip pool used is different ?
Thanks in advance.
Nicos.
Solved! Go to Solution.
03-11-2003 09:11 AM
Dialer profile commands are missing which will link interface group-async 1 with all the dialer interfaces. So you need to add following
interface group-async 1
dialer pool-member 1
Interface dialer x
dialer pool 1
Looking on the above config the user with username USER10 will get ip address 10.112.32.1 all the time.
If you don't want to allocate ip address statically like that, you can use "peer default ip address pool
03-10-2003 07:55 AM
Nicos,
You can do this with Dialer Profiles. Set up a dialer interface for each user, with the command "peer default ip address (address)" command configured on each dialer interface. The addresses set up on the dialer interfaces will be unique. So, after a user is mapped to a dialer interface via the authentication process, the IP address set aside for that user will be assigned during the IPCP phase.
This could be cumbersome if you have a large universe of users. With a separate dialer interface for each user, you could end up with a huge configuration in your router. To avoid this, it may be desirable to set up Virtual Profiles in a AAA (TACACS+ or RADIUS) server for each user. With virtual profiles, the AAA server will tell the router how to configure a virtual access interface each time that a given user dials in. This configuration may include the IP address that you want to assign to the user. Here is a link on virtual profiles.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fdial_c/fnsprt8/dafvprof.htm
Good Luck.
Mark
03-11-2003 01:30 AM
Hello Mark and Tepatel,
First, thanks a lot for your so quick answers.
So in your mind, I can do my configuration with dialer profile. For all remote (analogical) users, I have to do the same dialer profile except the "dialer remote-name ..." and "peer default ip address....". First, all user will go to the int GroupAsync1 to be proceeded then they will go to dialer profile to get an @IP. My config should be something like that :
username USER10 password 0 cisco
interface Group-Async1
ip unnumbered FastEthernet0/0
encapsulation ppp
dialer in-band
dialer idle-timeout 60
dialer-group 1
async mode interactive
no peer default ip address
ppp authentication chap
group-range 1 18
!
interface Dialer10
description USER10
ip unnumbered FastEthernet0/0
encapsulation ppp
dialer remote-name USER10
dialer idle-timeout 60
dialer-group 1
no fair-queue
peer default ip address 10.112.32.1
ppp authentication chap
can i do something to link the int dialerS to the int GroupAsync1 ?
Thank in advance.
Nicos.
03-11-2003 09:11 AM
Dialer profile commands are missing which will link interface group-async 1 with all the dialer interfaces. So you need to add following
interface group-async 1
dialer pool-member 1
Interface dialer x
dialer pool 1
Looking on the above config the user with username USER10 will get ip address 10.112.32.1 all the time.
If you don't want to allocate ip address statically like that, you can use "peer default ip address pool
03-10-2003 11:01 AM
Interface group-async is a group of multiple individual async interface based on "group-range x y" command. So instead of configuring multiple individual async inerface(with same config), we can group them using "group-async".
Now since all the lines/modems will share the same config from group-async, the ip address will be allocated to users from the same ip pool configured as well.
I do see your point that you want to allocate the ip address from a different ip pool based on a username rather then one ip pool for all...right?
You can configure dialer profile but it will make your config very big as we have to configure a dialer interface for all the usernames that you might have.
It is very very difficult on 3600 based platforms as modem will be picked randomly and based on availability for incoming call. So there is no way to control modem allocation on 3600 platform as it doesn't support modem-pooling (AS5xxx platform does support it)
So the best bet is to use AAA to control ip address allocation for incoming users. Here is the link explaining that.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: