Steve,

I'm not sure how to respond to your question.  Where is the classful mask
you are talking about?

If at the client, that is correct.  PPP-NCP has no provision for
configuring the client mask, so the client defaults to the classful mask.
Again, this is how it is supposed to work.

If at the NAS, then this is wrong.  The mask in the routing table should be
255.255.255.255, i.e. one route entry per dial-up host.

Are you using ISL from the NAS to the switch, or multiple Ethernets (one
per VLAN)?

Are you using a dynamic routing protocol?  If so, configure distribution
lists based on the proper VLAN masks out each ISL sub-interface (or vlan
interface).  You'll allow learning of host routes which belong to each VLAN
and deny those that don't belong.  You may also need access-lists applied to
each VLAN interface on the NAS.  This way you only let certain IPs talk
to certain IPs.  Make sure on the NAS you turn off auto-summarization.

Another thought is using ACS's ability to issue an Autocommand on the
interfaces on a per user basis.  You could apply a filter or cause the
interface to join an IRB group.  (I haven't actually done this, but I know
of it being done.  Someone posted an example of per-user access-lists here
some months back.)

Rodgers Moore, CCDP, CCNP-Security

"Donohue, Steve" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> I am using Cisco Secure to authenticate dial-in users.  I would like to be
> able to assign these users IP addresses from their respective VLANs.  I have
> set up IP address pools in my Cisco Secure.  Cisco Secure applies a classful
> subnet mask so I can't make them appear to be on various vlans.  Is it
> possible to change this configuration, if not what would be the best way to
> handle such a situation?
>
> I appreciate your assistance in this matter.
>
> Steve
>
> ___________________________________
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> ---
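
The per-VLAN filtering of dial-up host routes described in the reply above, modelled in Python as an added example that is not part of the original thread: it keeps only the /32 routes that fall inside each VLAN's real subnet and shows that the classful network a client assumes spans every VLAN. The VLAN names, subnets and host addresses are constructed assumptions; the thread gives none.

```python
import ipaddress

# Constructed VLAN subnets (assumption: the thread does not list any addresses).
VLANS = {
    "vlan10": ipaddress.ip_network("172.16.10.0/24"),
    "vlan20": ipaddress.ip_network("172.16.20.0/24"),
}

# Constructed host routes as the NAS would hold them: one /32 per dial-up host.
SAMPLE_ROUTES = ["172.16.10.5/32", "172.16.20.9/32", "172.16.30.7/32"]


def classful_network(addr):
    """Network a client falls back to when PPP gives it no mask (class A/B/C)."""
    ip = ipaddress.ip_address(addr)
    first_octet = int(ip) >> 24
    if first_octet >= 224:
        raise ValueError(f"{addr}: class D/E address has no classful host mask")
    prefix = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def wildcard(net):
    """Render a VLAN subnet as the 'address wildcard' pair an access-list uses."""
    return f"{net.network_address} {net.hostmask}"


def filter_host_routes(host_routes, vlans=VLANS):
    """Return {vlan: [host routes permitted out that VLAN's interface]}.

    A route is permitted only where it lies inside that VLAN's subnet;
    everything else is implicitly denied, as with a filter list.
    """
    allowed = {name: [] for name in vlans}
    for route in host_routes:
        net = ipaddress.ip_network(route)
        if net.prefixlen != 32:
            raise ValueError(f"{route}: expected one /32 entry per dial-up host")
        for name, vlan_net in vlans.items():
            if net.subnet_of(vlan_net):
                allowed[name].append(str(net))
    return allowed


if __name__ == "__main__":
    for name, net in VLANS.items():
        print(name, "permit", wildcard(net), "->", filter_host_routes(SAMPLE_ROUTES)[name])
    # The classful view of one client covers both VLANs, so it cannot separate them.
    print("classful view of 172.16.10.5:", classful_network("172.16.10.5"))
```

The third sample route belongs to neither VLAN, so it is permitted nowhere.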

