Hi There is FW between NAS and private network. If the ip address assignment is controlled by radius. Then I can restrict where the dialup users go to after the authentication.
My NAS configure: aaa new-model aaa authentication login default radius aaa authentication ppp default radius interface Group-Async1 ip unnumbered Ethernet0 no ip directed-broadcast encapsulation ppp async default routing async mode interactive peer default ip address pool poo <-del for use radius no cdp enable ppp authentication pap chap group-range 1 30 and user profile: userA Auth-Type := Local, Password == "userA", Pool-Name := "RAS" Service-Type = Framed-User, Framed-Protocol = PPP, Framed-Routing = Broadcast-Listen, Framed-MTU = 1500, Framed-Compression = Van-Jacobson-TCP-IP Can you point out the mistake due to failure connection? K --- Kostas Kalevras <[EMAIL PROTECTED]> wrote: > On > > Yes you can. The question is why should you? THe > Cico access servers can do ip > pool assignment/managemnet on their own. > > -- > Kostas Kalevras Network Operations Center _______________________________________________________________________ Do You Yahoo!? Get your free @yahoo.com.hk address at http://mail.english.yahoo.com.hk - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html