Re: RADIUS pointing to an address pool

reinke · ‎08-01-2002

A dial-in client should get an ip address from an address pool called DIAL-IN which is configured localy on a 2600er Router.

The address pool should be selected by the radius access accept answer from a radius server.

Everything is working fine: The dial-in clients requests 0.0.0.0 via IPCP and the router asks the address pool DIAL-IN. The pool returns an ip address, which is definitly from the address pool DIAL-IN.

But at this point the router reports: Attributes addr and addr-pool are mutally exclusive and IPCP is terminating.

Has anybody an idea whats going wrong?

Thanks

Edgar

tepatel · ‎08-01-2002

I assume that you want to allocated the ip address from one of the ip pool defined on the router but name of the pool from which ip address to be allocated should come from radius server during authorization..Right??

You need to turn on authorization thru radius for ppp users and use av-pair attribute for per user or under group config(for multiple users)

av-pair will be

ip:addr-pool=name

Where name is the ip pool defined on router..

reinke · ‎08-02-2002

That is exactly what I have done. The Access Accept message from the radius server includes the pool name and the router uses this pool.

But suddenly the debug aaa authorization reports: attributes addr and addr-pool mutaually ...

tepatel · ‎08-02-2002

Pl. post following debug to investigate more in this case.

debug ppp nego

debug aaa per

debug aaa authorization

debug radius

reinke · ‎08-06-2002

Sorry, I could not answer in a timely manner, because I spend some time at the customer site.

The required debugs are not available at the moment. I have solved the problem using pools defined on the ACS.

Nevertheless, I hope that I can offer the debugs during the next days. I still have used those debugs and I can confirm that the ACS sends an access accept, which includes the attribute pointing to a local pool on the NAS.

Edgar