Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Configure IP pool from radius server

Hi, all

My ADSL system's using a ERX-700 (juniper) as a BRAS and 7206 for backup.

Everything is alright except assigning name of pool to BRAS.

ERX-700 use frame-pool attr to provide pool name instead of addr-pool attr as 7206.

IOS can unsupport this attr but I can't configure both attr on radius.

Can you help to overcome this problem

Thanks a lot.

  • AAA Identity and NAC
2 REPLIES
Silver

Re: Configure IP pool from radius server

As the NAS sets up communication with the RADIUS server, the NAS assigns an IP address to the dial-in host from a pool of IP addresses configured at the specific interface. The NAS sends the IP address of the dial-in host to the RADIUS server as attribute 8. At that time, the NAS sends other user information, such as the user name, to the RADIUS server.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121limit/121dc/121dc3/ip_hint.htm

New Member

Re: Configure IP pool from radius server

This is a radius issue. It does depends on the AAA server you're using how to configure both NASes independently.

For instance, if you would be using NavisRadius product as AAA server to configure which attributes to send back per NAS is really piece of cake:

1) First, you have you to define how to identify separately both NASes, either by IP, technology, by checking the calling-station-id, or whatever.

Supposing you do use IP, which maybe is easier, you do have to define a clients file, for instance:

10.0.0.1 secret_key ERX700

10.0.0.2 secret_key2 Cisco7200

10.0.0.3 secret_key3 AS5800

2) Depending on who's sending the request define what to do next and what attributes send back. With NavisRadius you make this thru a Policy Flow, which is like a set of instructions to configure it, either manually or thru a GUI. Thru this set you could do for instance:

checkClientClass Method-Type="Branch"

Branch-Case = "Cisco7200\tsetIPAdressPoolA"

Branch-Case = "ERX700\tsetIPforERX"

Branch-Case = "AS5800\tsetIpsecService"

Branch-Case = "*\tUnknownClient"

Branch-SelectMode = "KEY"

Branch-SearchKey = "${client.Client-Class}"

3) And finally depending on the tag used go to another method which sends the needed attributes back to the NAS or do whatever you want to do depending on the case.

This is a very brief example, since the product is really flexible and allows many other possibilities, like getting the IP pools from another server, etc.

Good luck!

580
Views
0
Helpful
2
Replies